author: Thomas Schwinge <thomas@schwinge.name> 2011-09-15 13:57:17 +0200
committer: Thomas Schwinge <thomas@schwinge.name> 2011-09-15 13:57:17 +0200
commit: 3105441d1bf348b225c0778e18f3c9594e5e47ec (patch)
tree: 1cc2c95a49e44f53a4e584045cd108888acf51f8 /capability.mdwn
parent: d6df18261f683affd28ae30f88597a03a4b5d7a6 (diff)
capability: Extend.
Diffstat (limited to 'capability.mdwn')
-rw-r--r-- capability.mdwn 106
1 file changed, 105 insertions, 1 deletion
diff --git a/capability.mdwn b/capability.mdwn
index d78810d5..ddadf137 100644
--- a/capability.mdwn
+++ b/capability.mdwn
@@ -1,4 +1,4 @@
-[[!meta copyright="Copyright © 2007, 2008, 2010 Free Software Foundation,
+[[!meta copyright="Copyright © 2007, 2008, 2010, 2011 Free Software Foundation,
Inc."]]
[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
@@ -28,6 +28,110 @@ sent a string to identify the file to B, the identifier lacks a
than A intended. Be ensuring that [[designation]] and [[authorization]] are
always bound together, these problems are avoided.
+Capability-based system architectures strive to meet the *principle of least
+privilege* ({{$wikipedia_polp}}).
+
+[[!tag open_issue_documentation]] <!--
+Revoking capabilities: destroy Mach port, invalidates *all* send rights. See
+shapiro_capintro_1999. To be more fine-grained, need separate instances, for
+example, valet key vs. door key. Proxy objects (that can be destroyed
+individually); attenuation design pattern, membranes
+(wikipedia_object-capability_model)?
+-->
+
+A capability mechanism is typically implemented in software my the operating
+system kernel (typically a [[microkernel]]. The computing cost (as compared to
+a hardware implementation) is neglectable.
+
+
+[[!tag open_issue_documentation]] <!--
+References. shapiro_capintro_1999 has a bit.
+-->
+
+
+[[!tag open_issue_documentation]] <!--
+# Advantages
+
+ * increased security; POLP
+
+ * easy exchanging of functionality
+
+ * support modular design and encapsulation
+
+ * easy collaboration (in theory; need real example)
+
+-->
+
+
+# UNIX
+
[[UNIX file descriptors|unix/file_descriptor]] can be viewed as capabilities.
They do not survive reboot, that is, they are not [[persistent|persistency]].
To work around this, [[ACL]]s are used to recover authority.
+
+
+# GNU/Hurd
+
+In the GNU/Hurd system, a capability is represented by a [[Mach
+port|microkernel/mach/port]]. As in UNIX (see above), they are not
+[[persistent|persistency]].
+
+
+# Further Reading
+
+ * [[Mach port|microkernel/mach/port]]
+
+[[!toggleable id=shapiro_capintro_1999 text="""[[!template id=note
+text="*[[shapiro\_capintro\_1999|capability]]*:
+{{$capability#shapiro_capintro_1999}}.
+{{$capability#shapiro_capintro_1999_text}}."]]"""]]
+
+ * [[!toggle id=shapiro_capintro_1999 text="[shapiro\_capintro\_1999]"]]
+
+ * {{$wikipedia_capability-based_security}}
+
+ * {{$wikipedia_object-capability_model}}
+
+ * {{$wikipedia_polp}}
+
+
+[[!tag open_issue_documentation]] <!--
+<http://www.eros-os.org/essays/wherefrom.html>,
+<http://www.eros-os.org/essays/ACLSvCaps.html>,
+<http://www.cap-lore.com/CapTheory/index.html>,
+<http://www.cap-lore.com/CapTheory/tddCap.html>
+<http://www.skyhunter.com/marcs/capabilityIntro/>
+-->
+
+
+[[!ymlfront data="""
+
+shapiro_capintro_1999:
+
+ "[What *is* a Capability,
+ Anyway?](http://www.eros-os.org/essays/capintro.html), Jonathan Shapiro,
+ 1999"
+
+shapiro_capintro_1999_text:
+
+ "This is an easily readable introduction with good examples. In the author's
+ own words, the text *provides a layman's introduction to capabilities,
+ describing what they are, what they do, and why they result in better
+ security than today's computer systems*"
+
+wikipedia_capability-based_security:
+
+ "[[!wikipedia Capability-based_security desc=\"Wikipedia, capability-based
+ security\"]]"
+
+wikipedia_object-capability_model:
+
+ "[[!wikipedia Object-capability_model desc=\"Wikipedia, object-capability
+ model\"]]"
+
+wikipedia_polp:
+
+ "[[!wikipedia Principle_of_least_privilege desc=\"Wikipedia, principle of
+ least privilege\"]]"
+
+"""]]
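Review bot: the added paragraph "A capability mechanism is typically implemented in software my the operating system kernel (typically a [[microkernel]]." has three defects: "my" should be "by", the parenthesis opened before [[microkernel]] is never closed, and "neglectable" should be "negligible". The unchanged context line "Be ensuring that [[designation]] and [[authorization]] are" should read "By ensuring"; since this hunk already touches the surrounding text, fix it here. Consider promoting the hidden note "Revoking capabilities: destroy Mach port, invalidates *all* send rights." from the open_issue_documentation comment into the GNU/Hurd section: it is the main practical caveat of representing a capability as a Mach port, because revoking one delegated right means destroying the port and thereby invalidating every holder's send right, and the proxy-object / attenuation pattern the comment mentions is the mitigation a reader of that section would want to see named. Finally, the double blank line after that paragraph can be collapsed to the single blank line used elsewhere in the file.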