'capabilities' or a plea for consistent terminology
jont at us.ibm.com
Wed Apr 19 01:12:10 GMT 2000
Kris,
1) as I understand it the "pure" in "pure capabilities" in Eros is because
it uses only capabilities: not capabilities and ACLs,
nor capabilities and MLS, nor capabilities and kernel privileges, ...
2) the current usage of discussing possible security models is exactly
the scenario where the confusion exists (if trusted BSD implemented
capabilities[*] it would solve lots of problems)
3) the simple word privileges probably has fewer overloadings in this
context
[*] Either of the other uses, and possibly both in the same system.
[ But this is not the thread to discuss favouring one or the other. ]
- JonT
On Tue, 18 Apr 2000 jont at us.ibm.com wrote:
> Unfortunately for everybody the posix.1e committee labelled
> kernel-privileges 'capabilities'.
>
> Anybody vaguely aware of access control models would realise that
> they are a shallow facsimile to real capabilities.
> [ See www.eros-os.org for an OS that really uses capabilities. ]
OTOH, EROS seem to refer to their implementation as "pure capabilities" at
least in some of the papers I have read. In the UNIX world, where it's
taken for granted that not everything is implemented as a capability
token, I think it's quite reasonable to refer to "kernel privileges" as
"capabilities" provided we're not mixing discussion of both types of
system. In other words, it should be obvious from context.
On a purely practical level, I don't think you'd get people to type out
"posix.1e capabilities" every time they want to refer to the concept :-)
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe at alum.mit.edu>
---
Jon Tidswell
Advanced OS Technology Group / Sawmill Linux Project
IBM TJ Watson Research Center 30 Saw Mill River Road, Hawthorne, N.Y. 10532
Email: jont at us.ibm.com Voice: +1 914 784 7550