'capabilities' or a plea for consistent terminology

jont at us.ibm.com
Wed Apr 19 01:12:10 GMT 2000



Kris,

1) as I understand it the "pure" in "pure capabilities" in EROS is because
   it uses only capabilities: not capabilities and ACLs,
   nor capabilities and MLS, nor capabilities and kernel privileges, ...

2) the current usage of discussing possible security models is exactly
   the scenario where the confusion exists (if TrustedBSD implemented
   capabilities[*] it would solve lots of problems)

3) the simple word privileges probably has fewer overloadings in this
context


[*] Either of the other uses, and possibly both in the same system.
[ But this is not the thread to discuss favouring one or the other. ]

- JonT

On Tue, 18 Apr 2000 jont at us.ibm.com wrote:

> Unfortunately for everybody the posix.1e committee labelled
> kernel-privileges 'capabilities'.
>
> Anybody vaguely aware of access control models would realise that
> they are a shallow facsimile of real capabilities.
> [ See www.eros-os.org for an OS that really uses capabilities. ]

OTOH, EROS seems to refer to their implementation as "pure capabilities" at
least in some of the papers I have read. In the UNIX world, where it's
taken for granted that not everything is implemented as a capability
token, I think it's quite reasonable to refer to "kernel privileges" as
"capabilities" provided we're not mixing discussion of both types of
system. In other words, it should be obvious from context.

On a purely practical level, I don't think you'd get people to type out
"posix.1e capabilities" every time they want to refer to the concept :-)

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe at alum.mit.edu>



---
Jon Tidswell
Advanced OS Technology Group / Sawmill Linux Project
IBM TJ Watson Research Center 30 Saw Mill River Road, Hawthorne, N.Y. 10532

Email: jont at us.ibm.com   Voice: +1 914 784 7550
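As an added illustration of the distinction argued over in this thread (this is example code written for this page, not code from the thread, from EROS or from TrustedBSD), the Python below models the two things both called "capabilities". Model A is a POSIX.1e-style privilege bit: a per-process attribute that the kernel checks against an ambient request ("may this process bind port 80?"). Model B is a capability in the EROS sense: an unforgeable reference to the object, where holding the reference is the authority and delegation is simply passing it along. All class, function and constant names (PosixProcess, Port, PortFactory, RevocablePort, untrusted_plugin, the CAP_* bits) are constructed for the example; the bit names are only modelled on the POSIX.1e / Linux ones and carry no real kernel semantics.

```python
# Added example, not from the thread: a toy model of "capabilities" in the
# POSIX.1e sense (privilege bits on a subject) versus "capabilities" in the
# EROS sense (unforgeable object references). Every name here is constructed.

CAP_NET_BIND_SERVICE = 1 << 0  # names modelled on POSIX.1e / Linux bits
CAP_DAC_OVERRIDE = 1 << 1


class PosixProcess:
    """Model A: a subject carrying privilege bits (permitted and effective)."""

    def __init__(self, permitted: int, effective: int) -> None:
        if effective & ~permitted:
            raise ValueError("effective set must be a subset of permitted")
        self.permitted = permitted
        self.effective = effective

    def drop(self, cap: int) -> None:
        # Dropping from the permitted set is one-way in this model: the
        # process cannot later re-acquire a privilege it has given up.
        self.permitted &= ~cap
        self.effective &= ~cap

    def bind(self, port: int) -> str:
        # Ambient check: the kernel asks WHO is calling, not WHICH port token
        # the caller holds. Every line of code in the process gets the same
        # answer, and the privilege covers all ports below 1024, not one port.
        if port < 1024 and not self.effective & CAP_NET_BIND_SERVICE:
            raise PermissionError(f"port {port}: missing CAP_NET_BIND_SERVICE")
        return f"bound {port}"


class Port:
    """Model B resource. Holding a reference to it IS the authority to bind it."""

    def __init__(self, number: int) -> None:
        self._number = number

    def bind(self) -> str:
        return f"bound {self._number}"


class PortFactory:
    """Root capability: the only object able to mint Port references."""

    def port(self, number: int) -> Port:
        return Port(number)


class RevocablePort:
    """Caretaker facet: forwards to the real Port until revoked, so the grantor
    can take the authority back without touching the grantee's code."""

    def __init__(self, target: Port) -> None:
        self._target = target

    def bind(self) -> str:
        if self._target is None:
            raise PermissionError("revoked")
        return self._target.bind()

    def revoke(self) -> None:
        self._target = None


def demo_posix() -> list:
    """Privilege bit: usable by any code in the process, then gone after drop."""
    proc = PosixProcess(permitted=CAP_NET_BIND_SERVICE | CAP_DAC_OVERRIDE,
                        effective=CAP_NET_BIND_SERVICE)
    results = [proc.bind(80)]
    proc.drop(CAP_NET_BIND_SERVICE)
    try:
        proc.bind(443)
    except PermissionError as exc:
        results.append(str(exc))
    return results


def untrusted_plugin(port) -> str:
    # Model B: this code was handed exactly one reference. It can bind that
    # port and nothing else; there is no ambient privilege set to consult,
    # and it never sees the PortFactory, so it cannot mint port 443 itself.
    return port.bind()


def demo_ocap() -> list:
    """Object capability: delegate by passing a reference, revoke via caretaker."""
    factory = PortFactory()
    p80 = factory.port(80)
    handle = RevocablePort(p80)
    results = [untrusted_plugin(handle)]   # delegation = passing the reference
    handle.revoke()
    try:
        untrusted_plugin(handle)
    except PermissionError as exc:
        results.append(str(exc))
    results.append(untrusted_plugin(p80))  # the grantor's own reference survives
    return results


if __name__ == "__main__":
    print(demo_posix())
    print(demo_ocap())
```

The contrast the model makes concrete: in Model A the authority is a property of the subject, checked by name at each access and shared by everything that runs in that process; in Model B the authority is the reference itself, so it can be handed to one function, attenuated through a facet, and revoked, none of which a POSIX.1e privilege bit offers.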




To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message


