Using capabilities
11 views
Skip to first unread message
James Diacono
Sep 24, 2025, 3:13:52 PM (4 days ago) Sep 24
to friam
Even though I've studied some capability literature and have a reasonable understanding of object capability principles, exactly how I would go about writing a capability-based application feels very murky. Since many distributed commercial applications are basically the same in some sense (users creating and changing documents or other resources), there must be well trodden design patterns that could be applied to many kinds of applications.
My question is, does anybody know of any case studies, guides, or documented exemplars that might help me get my head around working with capabilities at a larger scale?
Raoul Duke
Sep 24, 2025, 4:25:07 PM (4 days ago) Sep 24
to fr...@googlegroups.com
maybe, for example, how far apart is dependency injection style from ocaps? since that is the analogy/example in the small i believe i have seen -> at what scale does that analogy not hold?
James Diacono
Sep 24, 2025, 4:33:56 PM (4 days ago) Sep 24
to friam
You're right, I have been using dependency injection style capabilities extensively, but these are just transient object references. What I'm unsure about is how to do persistent capabilities in a distributed system. I guess I would figure something out, but I'd like to know how others have solved this problem.
Alan Karp
Sep 24, 2025, 4:48:58 PM (4 days ago) Sep 24
to fr...@googlegroups.com
E in a Walnut might have what you're looking for.
Other material that doesn't specifically discuss design patterns but might be useful:
SCoopFS and the tech report. The implementation uses webkeys, URLs with unguessable fragments, as capabilities.
ClusterKen implements a pub-sub system with webkeys.
Zebra Copy uses SAML 1.1 certificates to implement a trivial application in J2EE and .NET.
Other examples are the Darpa Browser and CapDesk, but I don't know if the source is available.
--------------
Alan Karp
On Wed, Sep 24, 2025 at 12:13 PM James Diacono <diach...@gmail.com> wrote:
Even though I've studied some capability literature and have a reasonable understanding of object capability principles, exactly how I would go about writing a capability-based application feels very murky. Since many distributed commercial applications are basically the same in some sense (users creating and changing documents or other resources), there must be well trodden design patterns that could be applied to many kinds of applications.My question is, does anybody know of any case studies, guides, or documented exemplars that might help me get my head around working with capabilities at a larger scale?
--
You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/friam/21f09f33-9610-44ba-ba57-35c6abbc3b3fn%40googlegroups.com.
Mark S. Miller
Sep 24, 2025, 5:19:12 PM (4 days ago) Sep 24
to fr...@googlegroups.com
On Wed, Sep 24, 2025 at 1:48 PM Alan Karp <alan...@gmail.com> wrote:
E in a Walnut might have what you're looking for.Other material that doesn't specifically discuss design patterns but might be useful:SCoopFS and the tech report. The implementation uses webkeys, URLs with unguessable fragments, as capabilities.ClusterKen implements a pub-sub system with webkeys.Zebra Copy uses SAML 1.1 certificates to implement a trivial application in J2EE and .NET.Other examples are the Darpa Browser and CapDesk, but I don't know if the source is available.
Good recommendations ;) !
CapDesk and the Darpa Browser should be in the E distribution http://www.erights.org/download/0-9-3/
see http://combex.com/ for in-depth explanations of both.
Expect to see more here soon specifically for the JS programmer.
--------------
Alan Karp--On Wed, Sep 24, 2025 at 12:13 PM James Diacono <diach...@gmail.com> wrote:Even though I've studied some capability literature and have a reasonable understanding of object capability principles, exactly how I would go about writing a capability-based application feels very murky. Since many distributed commercial applications are basically the same in some sense (users creating and changing documents or other resources), there must be well trodden design patterns that could be applied to many kinds of applications.My question is, does anybody know of any case studies, guides, or documented exemplars that might help me get my head around working with capabilities at a larger scale?--
You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/friam/21f09f33-9610-44ba-ba57-35c6abbc3b3fn%40googlegroups.com.
You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/friam/CANpA1Z1AB%2B5fVadThHtTiueaPQdGLGso_njeiVhz_doc3JLJLg%40mail.gmail.com.
Cheers,
--MarkM
--MarkM
John Kemp
Sep 24, 2025, 5:48:07 PM (4 days ago) Sep 24
to fr...@googlegroups.com
El 09/24/25 a las 16:48, Alan Karp escribió:
> Zebra Copy <https://shiftleft.com/mirrors/www.hpl.hp.com/
> techreports/2007/HPL-2007-105.pdf> uses SAML 1.1 certificates to
was surprised to learn about "SAML 1.1 certificates" so I had a quick
scan of the Zebra paper to discover that you are embedding SAML
assertions inside of a Zebra-defined <certificate-log/> element.
FWIW, relatedly, SAML was also profiled for XACML (eXtensible Access
Control Markup Language) to provide authorization assertions.
XML... makes me feel old.
- johnk
--
Independent Security Architect
t: +1.413.645.4169
e: stable.p...@gmail.com
https://www.linkedin.com/in/johnk-am9obmsk/
https://github.com/frumioj
> Zebra Copy <https://shiftleft.com/mirrors/www.hpl.hp.com/
> techreports/2007/HPL-2007-105.pdf> uses SAML 1.1 certificates to
> implement a trivial application in J2EE and .NET.
Given that I was one of the SAML 2 editors and worked on SAML 1.1 too, I
was surprised to learn about "SAML 1.1 certificates" so I had a quick
scan of the Zebra paper to discover that you are embedding SAML
assertions inside of a Zebra-defined <certificate-log/> element.
FWIW, relatedly, SAML was also profiled for XACML (eXtensible Access
Control Markup Language) to provide authorization assertions.
XML... makes me feel old.
- johnk
--
Independent Security Architect
t: +1.413.645.4169
e: stable.p...@gmail.com
https://www.linkedin.com/in/johnk-am9obmsk/
https://github.com/frumioj
James Diacono
Sep 25, 2025, 5:40:25 AM (4 days ago) Sep 25
to friam
Thanks for the links, I'll have a read.
Mike Stay
Sep 25, 2025, 6:55:44 PM (3 days ago) Sep 25
to fr...@googlegroups.com
Also http://www.erights.org/talks/efun/SecurityPictureBook.pdf
> To view this discussion visit https://groups.google.com/d/msgid/friam/CAK5yZYgaDOqX2GwhEEEELUp0kgeMwuNDWzSMEWeYOPp%3DR%2BrcgQ%40mail.gmail.com.
--
Mike Stay - meta...@gmail.com
https://math.ucr.edu/~mike
https://reperiendi.wordpress.com
--
Mike Stay - meta...@gmail.com
https://math.ucr.edu/~mike
https://reperiendi.wordpress.com
Reply all
Reply to author
Forward
0 new messages