A capability is a token that identifies an object and provides its holder with the permission to operate on the object it identifies. Capabilities must either be totally unforgeable or infeasible to forge by being sparse.
Some examples of unforgeable capabilities:
- Designations of objects in the E language. Those who hold these capabilities have the permission to invoke any method supported by the designated object.
- Designations of functions and procedures in Emily. Those who hold these capabilities have the permission to call designated functions or procedures.
- Capabilities held by a process in capability operating systems.
- POSIX file descriptors.
Some examples of sparse capabilities (sometimes called password capabilities):
- Designations of remote objects in E, such as captp://*email@example.com:55189/oa6vn5whhapylswhzesdlqh5ppmjkcrq. Those who hold these capabilities have the permission to invoke any method supported by the designated object.
- Private URLs where having the URL is necessary and sufficient to use the resource. Common examples are:
- Designation of file-system sub-trees in MinorFs, such as /mnt/minorfs/cap/3d5d3efbf73bb711e7a47f82a44f471fcf77c70e/
XXX What exactly do we mean by password capabilities here, such that a captp URL is not one?
XXX improve this section
See What is a Capability, Anyway? for a partisan explanation of what capabilities actually are.
See also Overview: Capability Computation