Capability
From Erights
(Difference between revisions)
| Line 1: | Line 1: | ||
== Definition == | == Definition == | ||
| - | + | A ''capability'' is a token that identifies an [[subject, object, operation and permission|object]] and provides its holder with the [[subject, object, operation and permission|permission]] to operate on the object it identifies. Capabilities must either be totally unforgeable or infeasible to forge. | |
== Examples == | == Examples == | ||
| Line 8: | Line 8: | ||
* Designations of functions and procedures in [[Emily]]. Those who hold these capabilities have the permission to call designated functions or procedures. | * Designations of functions and procedures in [[Emily]]. Those who hold these capabilities have the permission to call designated functions or procedures. | ||
* Designations of channels in [http://altair.fiit.stuba.sk/mediawiki/index.php/Tamed_Pict Tamed Pict]. Those who hold these capabilities may have a permission to make send and/or receive operations with the designated channel. | * Designations of channels in [http://altair.fiit.stuba.sk/mediawiki/index.php/Tamed_Pict Tamed Pict]. Those who hold these capabilities may have a permission to make send and/or receive operations with the designated channel. | ||
| - | Some examples of | + | Some examples of capabilities that are infeasible to forge: |
* Designations of remote objects in E, such as <tt>captp://*orwqphzlugjwqj2wozz7tmg47ime466j@74.125.87.147:55189/oa6vn5whhapylswhzesdlqh5ppmjkcrq.</tt> Those who hold these capabilities have the permission to invoke any method supported by the designated object. | * Designations of remote objects in E, such as <tt>captp://*orwqphzlugjwqj2wozz7tmg47ime466j@74.125.87.147:55189/oa6vn5whhapylswhzesdlqh5ppmjkcrq.</tt> Those who hold these capabilities have the permission to invoke any method supported by the designated object. | ||
| + | * Password capabilities. | ||
== See also == | == See also == | ||
Revision as of 12:44, 13 July 2009
Definition
A capability is a token that identifies an object and provides its holder with the permission to operate on the object it identifies. Capabilities must either be totally unforgeable or infeasible to forge.
Examples
Some examples of unforgeable capabilities:
- Designations of objects in E. Those who hold these capabilities have the permission to invoke any method supported by the designated object.
- Designations of functions and procedures in Emily. Those who hold these capabilities have the permission to call designated functions or procedures.
- Designations of channels in Tamed Pict. Those who hold these capabilities may have a permission to make send and/or receive operations with the designated channel.
Some examples of capabilities that are infeasible to forge:
- Designations of remote objects in E, such as captp://*orwqphzlugjwqj2wozz7tmg47ime466j@74.125.87.147:55189/oa6vn5whhapylswhzesdlqh5ppmjkcrq. Those who hold these capabilities have the permission to invoke any method supported by the designated object.
- Password capabilities.
See also
XXX improve this section
See What is a Capability, Anyway? for a partisan explanation of what capabilities actually are.
See also Overview: Capability Computation
- This page is a stub; it should be expanded with more information. If doing so, check the original E web site and the mailing list archives for content which could be moved into this page.
