Capability
From Erights
(Difference between revisions)
m (added another example of sparse capability (opt-outs from "newsletters")) |
Kevin Reid (Talk | contribs) (sample URLs shouldn't be buried in actual links) |
||
| Line 10: | Line 10: | ||
* POSIX file descriptors. | * POSIX file descriptors. | ||
Some examples of sparse capabilities (sometimes called password capabilities): | Some examples of sparse capabilities (sometimes called password capabilities): | ||
| - | * Designations of remote objects in E, such as < | + | * Designations of remote objects in E, such as <code>captp://*orwqphzlugjwqj2wozz7tmg47ime466j@74.125.87.147:55189/oa6vn5whhapylswhzesdlqh5ppmjkcrq.</code> Those who hold these capabilities have the permission to invoke any method supported by the designated object. |
* Private URLs where having the URL is necessary and sufficient to use the resource. Common examples are: | * Private URLs where having the URL is necessary and sufficient to use the resource. Common examples are: | ||
| - | ** "Confirm your e-mail address" links for website account registrations, mailing list subscriptions or | + | ** "Confirm your e-mail address" links for website account registrations, mailing list subscriptions or opt-outs, e.g. <code><nowiki>http://drupal.cbreurope.sk/civicrm/mailing/optout?reset=1&jid=XX&qid=XXXXX&h=XXXXXXXXXXXXXXXX&confirm=1</nowiki></code> |
** Shared private documents such as in Google Docs, Google Maps, [http://picasa.google.com Picasa] albums, [http://www.doodle.com Doodle] schedulers. | ** Shared private documents such as in Google Docs, Google Maps, [http://picasa.google.com Picasa] albums, [http://www.doodle.com Doodle] schedulers. | ||
| - | * Designation of file-system sub-trees in [[MinorFs]], such as < | + | * Designation of file-system sub-trees in [[MinorFs]], such as <code>/mnt/minorfs/cap/3d5d3efbf73bb711e7a47f82a44f471fcf77c70e/</code> |
| - | [[Unum]] can be also considered as a capability to a (replicated) object in a similar way as file descriptors of transparently replicated files by RAID are still regarded as file descriptors. | + | An [[Unum]] can be also considered as a capability to a (replicated) object in a similar way as file descriptors of transparently replicated files by RAID are still regarded as file descriptors. |
== See also == | == See also == | ||
Revision as of 11:52, 16 September 2011
Definition
A capability is a token that identifies an object and provides its holder with the permission to operate on the object it identifies. Capabilities must either be totally unforgeable or infeasible to forge by being sparse.
Examples
Some examples of unforgeable capabilities:
- Designations of objects in the E language. Those who hold these capabilities have the permission to invoke any method supported by the designated object.
- Designations of functions and procedures in Emily. Those who hold these capabilities have the permission to call designated functions or procedures.
- Capabilities held by a process in capability operating systems.
- POSIX file descriptors.
Some examples of sparse capabilities (sometimes called password capabilities):
- Designations of remote objects in E, such as
captp://*orwqphzlugjwqj2wozz7tmg47ime466j@74.125.87.147:55189/oa6vn5whhapylswhzesdlqh5ppmjkcrq.Those who hold these capabilities have the permission to invoke any method supported by the designated object. - Private URLs where having the URL is necessary and sufficient to use the resource. Common examples are:
- "Confirm your e-mail address" links for website account registrations, mailing list subscriptions or opt-outs, e.g.
http://drupal.cbreurope.sk/civicrm/mailing/optout?reset=1&jid=XX&qid=XXXXX&h=XXXXXXXXXXXXXXXX&confirm=1 - Shared private documents such as in Google Docs, Google Maps, Picasa albums, Doodle schedulers.
- "Confirm your e-mail address" links for website account registrations, mailing list subscriptions or opt-outs, e.g.
- Designation of file-system sub-trees in MinorFs, such as
/mnt/minorfs/cap/3d5d3efbf73bb711e7a47f82a44f471fcf77c70e/
An Unum can be also considered as a capability to a (replicated) object in a similar way as file descriptors of transparently replicated files by RAID are still regarded as file descriptors.
See also
See What is a Capability, Anyway? for a partisan explanation of what capabilities actually are.
See also Overview: Capability Computation
- This page is a stub; it should be expanded with more information. If doing so, check the original E web site and the mailing list archives for content which could be moved into this page.
