[Ask for Feedback] I created a simple typed object-capability language Jo

13 views
Skip to first unread message

fengyun liu

unread,
Jun 19, 2026, 9:02:59 AM (13 days ago) Jun 19
to friam
I've been studying and learning about object-capability systems for over 10 years. I firmly believe that ocaps as a reasoning principle in the language is the right way to go for building secure systems.

Following Mark Miller's E language, David Wagner et al's Joe-E, I'm building a typed ocaps language:


In essence it is just a simple ocaps language with an interesting way to propagate capabilities (contextual capabilities) and with a compiler design trick for allowing FFI in trusted world but not in untrusted world.

The web site uses "compile-time sandboxing" --- that is just a way to speak to programmers, because I find "capability system" does not speak much to them.

The formal capability model is explain here:

The language and tools are still young. I'll appreciate your feedback to help make it better and more usable for the world.

Alan Karp

unread,
Jun 19, 2026, 11:17:41 AM (13 days ago) Jun 19
to fr...@googlegroups.com
Looks interesting.  You should send this to the wider audience at cap-...@googlegroups.com.

--------------
Alan Karp


--
You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/friam/29f363d5-0818-46b0-8bf4-01b65e329481n%40googlegroups.com.

Raoul Duke

unread,
Jun 19, 2026, 12:09:18 PM (13 days ago) Jun 19
to fr...@googlegroups.com
Sounds to me like it possibly rhymes with

* React Context. 

* Oleg's dynamic binding work. 

fengyun liu

unread,
Jun 19, 2026, 12:21:22 PM (13 days ago) Jun 19
to fr...@googlegroups.com
Thank you Alan, I also posted to cap-talk, hope it will not spam people :)

> Sounds to me like it possibly rhymes with * React Context.  * Oleg's dynamic binding work. 

Yes, React Context looks very similar . I need to check out Oleg's work.

Also, Java's scoped values is the same idea: https://openjdk.org/jeps/506

There is a minor difference with Java's scoped values though: whether a capability may be captured from the context.


--
You received this message because you are subscribed to a topic in the Google Groups "friam" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/friam/FKX6ALhW0_s/unsubscribe.
To unsubscribe from this group and all its topics, send an email to friam+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/friam/CAJ7XQb4gaMECMS0B0jssHxgYzkJvUcut6k9OvEa84EXNMbS%2Bww%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages