|
|
Line 1: |
Line 1: |
- | == Definition ==
| |
| | | |
- | A ''capability'' is a token that identifies an [[subject, object, operation and permission|object]] and provides its holder with the [[subject, object, operation and permission|permission]] to operate on the object it identifies. Capabilities must either be totally unforgeable or infeasible to forge by being ''sparse''.
| + | Can the word "capability" refer to: |
| + | . unforgable object reference? |
| + | . keys in KeyKos, Eros and Capros? |
| + | . an Actor address + an facet identifier? |
| | | |
- | == Examples ==
| + | At least it seams to convei the idea of bundling authority with designation. |
- | Some examples of unforgeable capabilities:
| + | |
- | * Designations of objects in the [[E language]]. Those who hold these capabilities have the permission to invoke any method supported by the designated object.
| + | |
- | * Designations of functions and procedures in [[Emily]]. Those who hold these capabilities have the permission to call designated functions or procedures.
| + | |
- | * Capabilities held by a process in [[capability operating system]]s.
| + | |
- | * POSIX file descriptors.
| + | |
- | Some examples of sparse capabilities (sometimes called password capabilities):
| + | |
- | * Designations of remote objects in E, such as <code>captp://*orwqphzlugjwqj2wozz7tmg47ime466j@74.125.87.147:55189/oa6vn5whhapylswhzesdlqh5ppmjkcrq.</code> Those who hold these capabilities have the permission to invoke any method supported by the designated object.
| + | |
- | * Private URLs where having the URL is necessary and sufficient to use the resource. Common examples are:
| + | |
- | ** "Confirm your e-mail address" links for website account registrations, mailing list subscriptions or opt-outs, e.g. <code><nowiki>http://drupal.cbreurope.sk/civicrm/mailing/optout?reset=1&jid=XX&qid=XXXXX&h=XXXXXXXXXXXXXXXX&confirm=1</nowiki></code>
| + | |
- | ** Shared private documents such as in Google Docs, Google Maps, [http://picasa.google.com Picasa] albums, [http://www.doodle.com Doodle] schedulers.
| + | |
- | * Designation of file-system sub-trees in [[MinorFs]], such as <code>/mnt/minorfs/cap/3d5d3efbf73bb711e7a47f82a44f471fcf77c70e/</code>
| + | |
- | * URL links to Bitcoin [http://blog.maschinenraum.tk/2012/07/15/bitcoin-vending-machine-exchange-euro-coins-for-bitcoin-wallets/btc-vending-machine-3 wallets].
| + | |
| | | |
- | An [[Unum]] can be also considered as a capability to a (replicated) object in a similar way as file descriptors of transparently replicated files by RAID are still regarded as file descriptors.
| + | ---- |
- | | + | This is an stub so expand it please. |
- | == URLs as capabilities ==
| + | |
- | | + | |
- | As noted above, URLs are often used as capabilities in practice, especially when sent over e-mail. Some explicitly capability-structured systems, such as [[Tahoe-LAFS]], use capability URLs.
| + | |
- | | + | |
- | A hazard to using capability URLs directly in a web browser is that many browser extensions or options may transmit URLs to a third-party server. In the worst case, this may make those URLs public. However, there is some mitigation:
| + | |
- | * The fragment part of a URL reference (<code>#<em>id</em></code>) is not transmitted. If the browser supports executing JavaScript, then the capability can be placed in the fragment and transmitted only under script control, not as part of a URL.
| + | |
- | * The query string part (<code>?<em>foo</em>=<em>bar</em></code>) is often not transmitted. (Citation needed on this one!)
| + | |
- | | + | |
- | == See also ==
| + | |
- | | + | |
- | See [http://www.eros-os.org/essays/capintro.html What is a Capability, Anyway?] for a partisan explanation of what capabilities actually are.
| + | |
- | | + | |
- | See also [http://www.erights.org/elib/capability/overview.html Overview: Capability Computation]
| + | |
- | | + | |
- | {{stub}}
| + | |
At least it seams to convei the idea of bundling authority with designation.
This is an stub so expand it please.