The Ravenscar profile and capabilities paradigm

<07f8mgdot9tmh8mqen2ogd5dds2gojoleh@4ax.com>

From: doc...@tardis.org (Doctor Who)
Newsgroups: comp.lang.ada
Subject: The Ravenscar profile and capabilities paradigm
Date: Mon, 11 Oct 2021 15:33:52 +0200
 by: Doctor Who - Mon, 11 Oct 2021 13:33 UTC

Hello,
does someone know how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile?

Re: The Ravenscar profile and capabilities paradigm

<sk1iuf$p1r$1@gioia.aioe.org>

 by: Luke A. Guest - Mon, 11 Oct 2021 14:48 UTC

On 11/10/2021 14:33, Doctor Who wrote:
> Hello,
> someone knows how to introduce the capabilities paradigm in Ada,
> specifically for programs written using the Ravenscar profile ?
>
>

Capabilities are just a set of operations that an object / user can
perform, or not. So, it's merely a bitset. A bitset which can form
derived bitsets.

Re: The Ravenscar profile and capabilities paradigm

<lymtnffugy.fsf@pushface.org>

 by: Simon Wright - Mon, 11 Oct 2021 15:32 UTC

Doctor Who <doc@tardis.org> writes:

> someone knows how to introduce the capabilities paradigm in Ada,
> specifically for programs written using the Ravenscar profile ?

Google hasn't helped me to understand what you're getting at. Perhaps
you could expand?

Re: The Ravenscar profile and capabilities paradigm

<559475ef-c2bd-4399-b485-428c72e252c0n@googlegroups.com>

 by: Shark8 - Mon, 11 Oct 2021 15:48 UTC

On Monday, October 11, 2021 at 7:33:53 AM UTC-6, Doctor Who wrote:
> Hello,
> someone knows how to introduce the capabilities paradigm in Ada,
> specifically for programs written using the Ravenscar profile ?
I'm not quite sure what you mean by "capabilities paradigm"; could you elaborate on it a bit?

If my gut intuition is anything to go off of, you're referring to the ability to program against a type and operations thereon, correct?
If so, then Ada has this in the form of Generics: you can pass types, subprograms, values & objects, and generic packages via formal parameters.

Re: The Ravenscar profile and capabilities paradigm

<en39mglcsdhjj47ada5hsvv1vubcukq1vu@4ax.com>

 by: Doctor Who - Mon, 11 Oct 2021 19:24 UTC

On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright <simon@pushface.org>
wrote:

>Doctor Who <doc@tardis.org> writes:
>
>> someone knows how to introduce the capabilities paradigm in Ada,
>> specifically for programs written using the Ravenscar profile ?
>
>Google hasn't helped me to understand what you're getting at. Perhaps
>you could expand?

Wikipedia has a good explanation:
https://en.wikipedia.org/wiki/Capability-based_security

Re: The Ravenscar profile and capabilities paradigm

<bs39mg9vcokpr1n0t53v6bkgo4as6jerr5@4ax.com>

 by: Doctor Who - Mon, 11 Oct 2021 19:25 UTC

On Mon, 11 Oct 2021 08:48:53 -0700 (PDT), Shark8
<onewingedshark@gmail.com> wrote:

>On Monday, October 11, 2021 at 7:33:53 AM UTC-6, Doctor Who wrote:
>> Hello,
>> someone knows how to introduce the capabilities paradigm in Ada,
>> specifically for programs written using the Ravenscar profile ?
>I'm not quite sure what you mean by "capabilities paradigm", could you elaborate on it a bit.
>
>If my gut intuition is anything to go off of, you're referring to the ability to program against a type and operations thereon, correct?
>If so, then Ada has this in the form of Generics: you can pass types, subprograms, values & objects, and generic packages via formal parameters.

I am referring to capability-based security.

Re: The Ravenscar profile and capabilities paradigm

<bt39mgle1it9naiafoe0jprc5sd1lr3kku@4ax.com>

 by: Doctor Who - Mon, 11 Oct 2021 19:25 UTC

On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:

>On 11/10/2021 14:33, Doctor Who wrote:
>> Hello,
>> someone knows how to introduce the capabilities paradigm in Ada,
>> specifically for programs written using the Ravenscar profile ?
>>
>>
>
>Capabilities are just a set of operations that an object / user can
>perform, or not. So, it's merely a bitset. A bitset which can form
>derived bitsets.
>

No, it is another thing:
https://en.wikipedia.org/wiki/Capability-based_security

Re: The Ravenscar profile and capabilities paradigm

<sk23qn$11it$1@gioia.aioe.org>

 by: Luke A. Guest - Mon, 11 Oct 2021 19:36 UTC

On 11/10/2021 20:25, Doctor Who wrote:
> On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
> <laguest@archeia.com> wrote:
>
>> On 11/10/2021 14:33, Doctor Who wrote:
>>> Hello,
>>> someone knows how to introduce the capabilities paradigm in Ada,
>>> specifically for programs written using the Ravenscar profile ?
>>>
>>>
>>
>> Capabilities are just a set of operations that an object / user can
>> perform, or not. So, it's merely a bitset. A bitset which can form
>> derived bitsets.
>>
>
> no it is another thing,
> https://en.wikipedia.org/wiki/Capability-based_security
>

I know what it is. It is still a set of bits, or, permissions, or
capabilities. The capabilities are usually provided by the OS services.

But as you didn't specify whether you wanted to map onto an existing OS'
capabilities or if you wanted to implement your own, I went with the latter.
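
Added example, not code from any poster in this thread: one way to write the "implement your own" option in Ada, combining the bitset of rights and derived bitsets described above with the unforgeable object reference that capability-based security also requires. All names (Capabilities, Right_Set, Object_Id, Derive, Capabilities.Kernel, Mint, Demo) are hypothetical, and the two configuration pragmas in the header comment are assumed to be set project-wide.

```ada
--  Added example; every package, type and subprogram name is hypothetical.
--  Assumed project-wide configuration pragmas (for GNAT, in gnat.adc):
--     pragma Profile (Ravenscar);
--     pragma Restrictions (No_Dependence => Ada.Unchecked_Conversion);
--  The second one stops code from forging a Capability out of raw bits.

package Capabilities is

   type Right is (Read, Write, Grant);

   --  The "bitset": one Boolean per right, packed into bits.
   type Right_Set is array (Right) of Boolean with Pack;
   No_Rights : constant Right_Set := (others => False);

   --  Fixed-size object table, so no dynamic allocation is needed.
   type Object_Id is range 0 .. 15;

   --  Private type: client code can copy a Capability and pass it on,
   --  but cannot build one from an Object_Id and a Right_Set it chose.
   type Capability is private;

   function Target_Of (C : Capability) return Object_Id;
   function Allows (C : Capability; R : Right) return Boolean;

   --  The "derived bitset": the result holds the rights of C and-ed with
   --  Mask, so a derived capability never gains a right its parent lacked.
   function Derive (C : Capability; Mask : Right_Set) return Capability
     with Post =>
       Target_Of (Derive'Result) = Target_Of (C)
       and then (for all R in Right =>
                   (if Allows (Derive'Result, R) then Allows (C, R)));

private

   type Capability is record
      Target : Object_Id := Object_Id'First;
      Rights : Right_Set := No_Rights;  --  a default object grants nothing
   end record;

end Capabilities;

package body Capabilities is

   function Target_Of (C : Capability) return Object_Id is (C.Target);

   function Allows (C : Capability; R : Right) return Boolean is
     (C.Rights (R));

   function Derive (C : Capability; Mask : Right_Set) return Capability is
   begin
      return (Target => C.Target, Rights => C.Rights and Mask);
   end Derive;

end Capabilities;

--  The only unit that creates authority from nothing. As a child unit its
--  body sees the full record type; which units "with" it is what to audit.
package Capabilities.Kernel is
   function Mint
     (Target : Object_Id; Rights : Right_Set) return Capability;
end Capabilities.Kernel;

package body Capabilities.Kernel is
   function Mint
     (Target : Object_Id; Rights : Right_Set) return Capability is
   begin
      return (Target => Target, Rights => Rights);
   end Mint;
end Capabilities.Kernel;

with Ada.Text_IO;
with Capabilities; use Capabilities;
with Capabilities.Kernel;

procedure Demo is
   Full : constant Capability :=
     Capabilities.Kernel.Mint (Target => 3, Rights => (others => True));

   Read_Only : constant Capability :=
     Derive (Full, (Read => True, others => False));

   --  Asking for every right again amplifies nothing: the mask is and-ed
   --  with the rights Read_Only actually holds.
   Retry : constant Capability := Derive (Read_Only, (others => True));

   --  Rejected at compile time here, because Capability is private:
   --     Forged : Capability := (Target => 3, Rights => (others => True));

   procedure Show (Label : String; C : Capability) is
   begin
      Ada.Text_IO.Put_Line
        (Label & " may write: " & Boolean'Image (Allows (C, Write)));
   end Show;
begin
   Show ("Full", Full);
   Show ("Read_Only", Read_Only);
   Show ("Retry", Retry);
end Demo;
```

The block holds several compilation units; with GNAT, gnatchop splits it into separate source files before building.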

Re: The Ravenscar profile and capabilities paradigm

<r959mg5q5h9u78stmi63ndq1u4lct9in1l@4ax.com>

 by: Doctor Who - Mon, 11 Oct 2021 19:50 UTC

On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:

>On 11/10/2021 20:25, Doctor Who wrote:
>> On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
>> <laguest@archeia.com> wrote:
>>
>>> On 11/10/2021 14:33, Doctor Who wrote:
>>>> Hello,
>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>> specifically for programs written using the Ravenscar profile ?
>>>>
>>>>
>>>
>>> Capabilities are just a set of operations that an object / user can
>>> perform, or not. So, it's merely a bitset. A bitset which can form
>>> derived bitsets.
>>>
>>
>> no it is another thing,
>> https://en.wikipedia.org/wiki/Capability-based_security
>>
>
>I know what it is. It is still a set of bits, or, permissions, or
>capabilities. The capabilities are usually provided by the OS services.
>
>But as you didn't specify whether you wanted to map onto an existing OS'
>capabilities or if you wanted to implement your own, I went with the latter.

There isn't any existing OS that provides capability-security from the
ground up; I intend to implement my own.

Re: The Ravenscar profile and capabilities paradigm

<sk2ltu$170a$1@gioia.aioe.org>

 by: Luke A. Guest - Tue, 12 Oct 2021 00:45 UTC

On 11/10/2021 20:50, Doctor Who wrote:
> On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
> <laguest@archeia.com> wrote:
>
>> On 11/10/2021 20:25, Doctor Who wrote:
>>> On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
>>> <laguest@archeia.com> wrote:
>>>
>>>> On 11/10/2021 14:33, Doctor Who wrote:
>>>>> Hello,
>>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>>> specifically for programs written using the Ravenscar profile ?
>>>>>
>>>>>
>>>>
>>>> Capabilities are just a set of operations that an object / user can
>>>> perform, or not. So, it's merely a bitset. A bitset which can form
>>>> derived bitsets.
>>>>
>>>
>>> no it is another thing,
>>> https://en.wikipedia.org/wiki/Capability-based_security
>>>
>>
>> I know what it is. It is still a set of bits, or, permissions, or
>> capabilities. The capabilities are usually provided by the OS services.
>>
>> But as you didn't specify whether you wanted to map onto an existing OS'
>> capabilities or if you wanted to implement your own, I went with the latter.
>
> there isn't any existing OS that provides capability-security from the
> ground up, I intend to implement my own.
>

CapOS/KeyOS don't exist then?

Windows has capabilities.

Pretty sure iOS has them too.

Re: The Ravenscar profile and capabilities paradigm

<sk2m1a$170a$2@gioia.aioe.org>

 by: Luke A. Guest - Tue, 12 Oct 2021 00:47 UTC

On 12/10/2021 01:45, Luke A. Guest wrote:

> CapOS/KeyOS don't exist then?

Might be called KeyKos.

Re: The Ravenscar profile and capabilities paradigm

<1ls9mg5g8klqjqbclgb10dhj3gpvotj0h4@4ax.com>

 by: Doctor Who - Tue, 12 Oct 2021 02:29 UTC

On Tue, 12 Oct 2021 01:45:40 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:

>On 11/10/2021 20:50, Doctor Who wrote:
>> On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
>> <laguest@archeia.com> wrote:
>>
>>> On 11/10/2021 20:25, Doctor Who wrote:
>>>> On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
>>>> <laguest@archeia.com> wrote:
>>>>
>>>>> On 11/10/2021 14:33, Doctor Who wrote:
>>>>>> Hello,
>>>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>>>> specifically for programs written using the Ravenscar profile ?
>>>>>>
>>>>>>
>>>>>
>>>>> Capabilities are just a set of operations that an object / user can
>>>>> perform, or not. So, it's merely a bitset. A bitset which can form
>>>>> derived bitsets.
>>>>>
>>>>
>>>> no it is another thing,
>>>> https://en.wikipedia.org/wiki/Capability-based_security
>>>>
>>>
>>> I know what it is. It is still a set of bits, or, permissions, or
>>> capabilities. The capabilities are usually provided by the OS services.
>>>
>>> But as you didn't specify whether you wanted to map onto an existing OS'
>>> capabilities or if you wanted to implement your own, I went with the latter.
>>
>> there isn't any existing OS that provides capability-security from the
>> ground up, I intend to implement my own.
>>
>
>CapOS/KeyOS don't exist then?
>
>Windows has capabilities.
>
>Pretty sure iOS has them too.

Only CapROS at the moment; KeyKOS only survives as an ancestor
reference to CapROS and Coyotos.

But Coyotos development has been sleeping for years now, and CapROS is
starting to revive only now.

But yes, I would choose CapROS now.

Re: The Ravenscar profile and capabilities paradigm

<4ps9mghak8m4hme9a5gtea9534esfprlq1@4ax.com>

 by: Doctor Who - Tue, 12 Oct 2021 02:31 UTC

On Tue, 12 Oct 2021 01:47:28 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:

>
>On 12/10/2021 01:45, Luke A. Guest wrote:
>
>> CapOS/KeyOS don't exist then?
>
>Might be called KeyKos.

KeyKOS is the dead ancestor of EROS, Coyotos and CapROS.

GNOSIS was the ancestor of KeyKOS.

Re: The Ravenscar profile and capabilities paradigm

<81t9mghvbd1tmjjfuku559mhgq9qi3m8rg@4ax.com>

 by: Doctor Who - Tue, 12 Oct 2021 02:35 UTC

On Tue, 12 Oct 2021 04:29:42 +0200, Doctor Who <doc@tardis.org> wrote:

>On Tue, 12 Oct 2021 01:45:40 +0100, "Luke A. Guest"
><laguest@archeia.com> wrote:
>
>>On 11/10/2021 20:50, Doctor Who wrote:
>>> On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
>>> <laguest@archeia.com> wrote:
>>>
>>>> On 11/10/2021 20:25, Doctor Who wrote:
>>>>> On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
>>>>> <laguest@archeia.com> wrote:
>>>>>
>>>>>> On 11/10/2021 14:33, Doctor Who wrote:
>>>>>>> Hello,
>>>>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>>>>> specifically for programs written using the Ravenscar profile ?
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Capabilities are just a set of operations that an object / user can
>>>>>> perform, or not. So, it's merely a bitset. A bitset which can form
>>>>>> derived bitsets.
>>>>>>
>>>>>
>>>>> no it is another thing,
>>>>> https://en.wikipedia.org/wiki/Capability-based_security
>>>>>
>>>>
>>>> I know what it is. It is still a set of bits, or, permissions, or
>>>> capabilities. The capabilities are usually provided by the OS services.
>>>>
>>>> But as you didn't specify whether you wanted to map onto an existing OS'
>>>> capabilities or if you wanted to implement your own, I went with the latter.
>>>
>>> there isn't any existing OS that provides capability-security from the
>>> ground up, I intend to implement my own.
>>>
>>
>>CapOS/KeyOS don't exist then?
>>
>>Windows has capabilities.
>>
>>Pretty sure iOS has them too.
>
>
>only CapROS at the moment, KeyKOS only survives as an ancestor
>reference to CapROS and Coyotos.
>
>But Coyotos development has been sleeping for years now, and CapROS is
>starting to revive only now.
>
>But yes, I would chose CapROS now.

I participated in the development of Coyotos from 2000 until it
completely stopped in 2013.

Re: The Ravenscar profile and capabilities paradigm

<klv9mgd5v5876pt32a9mu4v0a3mmvt160o@4ax.com>

 by: Doctor Who - Tue, 12 Oct 2021 03:19 UTC

On Tue, 12 Oct 2021 04:29:42 +0200, Doctor Who <doc@tardis.org> wrote:

>On Tue, 12 Oct 2021 01:45:40 +0100, "Luke A. Guest"
><laguest@archeia.com> wrote:
>
>>On 11/10/2021 20:50, Doctor Who wrote:
>>> On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
>>> <laguest@archeia.com> wrote:
>>>
>>>> On 11/10/2021 20:25, Doctor Who wrote:
>>>>> On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
>>>>> <laguest@archeia.com> wrote:
>>>>>
>>>>>> On 11/10/2021 14:33, Doctor Who wrote:
>>>>>>> Hello,
>>>>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>>>>> specifically for programs written using the Ravenscar profile ?
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Capabilities are just a set of operations that an object / user can
>>>>>> perform, or not. So, it's merely a bitset. A bitset which can form
>>>>>> derived bitsets.
>>>>>>
>>>>>
>>>>> no it is another thing,
>>>>> https://en.wikipedia.org/wiki/Capability-based_security
>>>>>
>>>>
>>>> I know what it is. It is still a set of bits, or, permissions, or
>>>> capabilities. The capabilities are usually provided by the OS services.
>>>>
>>>> But as you didn't specify whether you wanted to map onto an existing OS'
>>>> capabilities or if you wanted to implement your own, I went with the latter.
>>>
>>> there isn't any existing OS that provides capability-security from the
>>> ground up, I intend to implement my own.
>>>
>>
>>CapOS/KeyOS don't exist then?
>>
>>Windows has capabilities.
>>
>>Pretty sure iOS has them too.
>
>
>only CapROS at the moment, KeyKOS only survives as an ancestor
>reference to CapROS and Coyotos.
>
>But Coyotos development has been sleeping for years now, and CapROS is
>starting to revive only now.

see the discussion here
https://groups.google.com/g/cap-talk/c/ThxbBiMcyFk/m/DnqbkZWGAQAJ

>
>But yes, I would choose CapROS now.

Re: The Ravenscar profile and capabilities paradigm
 by: Richard Iswara - Tue, 12 Oct 2021 05:17 UTC

On 12/10/2021 02.50, Doctor Who wrote:
> On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
> <laguest@archeia.com> wrote:
>
>> On 11/10/2021 20:25, Doctor Who wrote:
>>> On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
>>> <laguest@archeia.com> wrote:
>>>
>>>> On 11/10/2021 14:33, Doctor Who wrote:
>>>>> Hello,
>>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>>> specifically for programs written using the Ravenscar profile ?
>>>>>
>>>>>
>>>>
>>>> Capabilities are just a set of operations that an object / user can
>>>> perform, or not. So, it's merely a bitset. A bitset which can form
>>>> derived bitsets.
>>>>
>>>
>>> no it is another thing,
>>> https://en.wikipedia.org/wiki/Capability-based_security
>>>
>>
>> I know what it is. It is still a set of bits, or, permissions, or
>> capabilities. The capabilities are usually provided by the OS services.
>>
>> But as you didn't specify whether you wanted to map onto an existing OS'
>> capabilities or if you wanted to implement your own, I went with the latter.
>
> there isn't any existing OS that provides capability-security from the
> ground up, I intend to implement my own.
>
seL4? The whitepaper includes the proofs also.

Re: The Ravenscar profile and capabilities paradigm
 by: Doctor Who - Tue, 12 Oct 2021 06:42 UTC

On Tue, 12 Oct 2021 12:17:00 +0700, Richard Iswara
<haujekchifan@gmail.com> wrote:

>On 12/10/2021 02.50, Doctor Who wrote:
>> On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
>> <laguest@archeia.com> wrote:
>>
>>> On 11/10/2021 20:25, Doctor Who wrote:
>>>> On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
>>>> <laguest@archeia.com> wrote:
>>>>
>>>>> On 11/10/2021 14:33, Doctor Who wrote:
>>>>>> Hello,
>>>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>>>> specifically for programs written using the Ravenscar profile ?
>>>>>>
>>>>>>
>>>>>
>>>>> Capabilities are just a set of operations that an object / user can
>>>>> perform, or not. So, it's merely a bitset. A bitset which can form
>>>>> derived bitsets.
>>>>>
>>>>
>>>> no it is another thing,
>>>> https://en.wikipedia.org/wiki/Capability-based_security
>>>>
>>>
>>> I know what it is. It is still a set of bits, or, permissions, or
>>> capabilities. The capabilities are usually provided by the OS services.
>>>
>>> But as you didn't specify whether you wanted to map onto an existing OS'
>>> capabilities or if you wanted to implement your own, I went with the latter.
>>
>> there isn't any existing OS that provides capability-security from the
>> ground up, I intend to implement my own.
>>
>seL4? The whitepaper includes the proofs also.

eh yes, I forgot seL4, however it isn't much used I think

Re: The Ravenscar profile and capabilities paradigm
 by: Richard Iswara - Tue, 12 Oct 2021 11:51 UTC

On Tuesday, October 12, 2021 at 1:42:27 PM UTC+7, Doctor Who wrote:
> On Tue, 12 Oct 2021 12:17:00 +0700, Richard Iswara
> <haujek...@gmail.com> wrote:
>
> >On 12/10/2021 02.50, Doctor Who wrote:
> >> On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
> >> <lag...@archeia.com> wrote:
> >>
> >>> On 11/10/2021 20:25, Doctor Who wrote:
> >>>> On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
> >>>> <lag...@archeia.com> wrote:
> >>>>
> >>>>> On 11/10/2021 14:33, Doctor Who wrote:
> >>>>>> Hello,
> >>>>>> someone knows how to introduce the capabilities paradigm in Ada,
> >>>>>> specifically for programs written using the Ravenscar profile ?
> >>>>>>
> >>>>>>
> >>>>>
> >>>>> Capabilities are just a set of operations that an object / user can
> >>>>> perform, or not. So, it's merely a bitset. A bitset which can form
> >>>>> derived bitsets.
> >>>>>
> >>>>
> >>>> no it is another thing,
> >>>> https://en.wikipedia.org/wiki/Capability-based_security
> >>>>
> >>>
> >>> I know what it is. It is still a set of bits, or, permissions, or
> >>> capabilities. The capabilities are usually provided by the OS services.
> >>>
> >>> But as you didn't specify whether you wanted to map onto an existing OS'
> >>> capabilities or if you wanted to implement your own, I went with the latter.
> >>
> >> there isn't any existing OS that provides capability-security from the
> >> ground up, I intend to implement my own.
> >>
> >seL4? The whitepaper includes the proofs also.
> eh yes, I forgot seL4, however it isn't much used I think

Have Qualcomm and Apple iOS abandoned it when it changed from OKL4 to seL4?
I thought they use it for isolating their modem firmware from general OS.

Re: The Ravenscar profile and capabilities paradigm
 by: Luke A. Guest - Tue, 12 Oct 2021 11:58 UTC

On 12/10/2021 12:51, Richard Iswara wrote:

>>>> there isn't any existing OS that provides capability-security from the
>>>> ground up, I intend to implement my own.
>>>>
>>> seL4? The whitepaper includes the proofs also.
>> eh yes, I forgot seL4, however it isn't much used I think
> Have Qualcomm and Apple iOS abandoned it when it changed from OKL4 to seL4?
> I thought they use it for isolating their modem firmware from general OS.
>

The biggest flaw in L4 I found is that sigma0 cannot claim memory back
from processes when it runs out. There was apparently work being done,
but I don't know if they did it.

Re: The Ravenscar profile and capabilities paradigm
 by: Shark8 - Tue, 12 Oct 2021 15:01 UTC

On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
> On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:
> >Doctor Who writes:
> >
> >> someone knows how to introduce the capabilities paradigm in Ada,
> >> specifically for programs written using the Ravenscar profile ?
> >
> >Google hasn't helped me to understand what you're getting at. Perhaps
> >you could expand?
> wikipedia has a good explanation:
> https://en.wikipedia.org/wiki/Capability-based_security

Ah.
Limited Private, unknown-discriminant types.

Package Capabilities is
   -- Enumeration of the particular capabilities.
   Type Capability is ( Read, Copy, Whatever );
   -- A Boolean set for delineating a set of Capabilities.
   Type Capability_List is Array(Capability) of Boolean;
   -- An instance of a set of capabilities; note that:
   -- (1) LIMITED means there is no predefined assignment/copy.
   -- (2) PRIVATE means there is no public view to the components.
   -- (3) Unknown discriminants mean there is no object-creation w/o a function-call.
   Type Instance(<>) is limited private;
   -- Create an instance; add any other needed parameters.
   Function Create( Capabilities : Capability_List ) return Instance;
   -- No permissions.
   Function No_Permissions return Instance;
Private
   Type Instance is record
      Permissions : Capability_List:= (raise Program_Error with "Capabilities-Instance must be initialized.");
      -- (others => False); -- Or maybe default to no permissions.
      -- OTHER DATA, IF NEEDED; PERHAPS TASK-/PROCESS-ID.
   End record;

   Function Create( Capabilities : Capability_List ) return Instance is
     ( Permissions => Capabilities );
   Function No_Permissions return Instance is
     ( Create( Capability_List'(others => False) ) );
End Capabilities;

You could also extend things with a Task-ID, assuming you want this prevalent/pervasive across the OS, you could make a TASK INTERFACE with an accessor (Function Get_Capabilities(Task : OS_Task_Interface) return Capabilities.Instance is (Capabilities.No_Permissions); -- Override to give permissions.) and/or possibly a registry to manage permissions (on a finer-grained level) if you need it. A lot depends on how you architect/model it, but the "limited private unknown-discriminant type" perfectly fits what you need at the fundamental levels.

Re: The Ravenscar profile and capabilities paradigm
 by: Luke A. Guest - Tue, 12 Oct 2021 15:02 UTC

On 12/10/2021 16:01, Shark8 wrote:
> On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
>> On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:
>>> Doctor Who writes:
>>>
>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>> specifically for programs written using the Ravenscar profile ?
>>>

> Type Capability is ( Read, Copy, Whatever );

There can be a capability for literally anything, even ownership and can
be different depending on object/os service.

I'd say a tagged type is better than an enum.

Re: The Ravenscar profile and capabilities paradigm
 by: Doctor Who - Tue, 12 Oct 2021 15:04 UTC

On Tue, 12 Oct 2021 12:58:48 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:

>
>On 12/10/2021 12:51, Richard Iswara wrote:
>
>>>>> there isn't any existing OS that provides capability-security from the
>>>>> ground up, I intend to implement my own.
>>>>>
>>>> seL4? The whitepaper includes the proofs also.
>>> eh yes, I forgot seL4, however it isn't much used I think
>> Have Qualcomm and Apple iOS abandoned it when it changed from OKL4 to seL4?
>> I thought they use it for isolating their modem firmware from general OS.
>>
>
>The biggest flaw in L4 I found is that sigma0 cannot claim memory back
>from processes when it runs out. There was apparently work being done,
>but I don't know if they did it.

in any case CapROS development is starting again and it promises to be
really interesting

Re: The Ravenscar profile and capabilities paradigm
 by: Shark8 - Tue, 12 Oct 2021 15:33 UTC

On Tuesday, October 12, 2021 at 9:04:09 AM UTC-6, Luke A. Guest wrote:
> On 12/10/2021 16:01, Shark8 wrote:
> > On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
> >> On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:
> >>> Doctor Who writes:
> >>>
> >>>> someone knows how to introduce the capabilities paradigm in Ada,
> >>>> specifically for programs written using the Ravenscar profile ?
> >>>
> > Type Capability is ( Read, Copy, Whatever );
> There can be a capability for literally anything, even ownership and can
> be different depending on object/os service.
>
> I'd say a tagged type is better than an enum.

Possibly.
But there's no reason to complicate the general idea in example-form: even if it's a tagged type you're going to want the capability-instance to be limited-private; the implementation of the "permissions" component being a Boolean-array or a vector of Capability'Class [most obviously having Capability be an abstract tagged null record] is mostly irrelevant for that demonstration. (And using a vector of tagged-type instead of the array would have bogged the example down with importing and instantiating the Vector container and setting up multiple non-abstract Capability-descendants, cluttering the point of the example.)

Re: The Ravenscar profile and capabilities paradigm
 by: Luke A. Guest - Tue, 12 Oct 2021 15:43 UTC

On 12/10/2021 16:33, Shark8 wrote:
> On Tuesday, October 12, 2021 at 9:04:09 AM UTC-6, Luke A. Guest wrote:
>> On 12/10/2021 16:01, Shark8 wrote:
>>> On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
>>>> On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:
>>>>> Doctor Who writes:
>>>>>
>>>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>>>> specifically for programs written using the Ravenscar profile ?
>>>>>
>>> Type Capability is ( Read, Copy, Whatever );
>> There can be a capability for literally anything, even ownership and can
>> be different depending on object/os service.
>>
>> I'd say a tagged type is better than an enum.
> Possibly.
> But there's no reason to complicate the general idea in example-form: even if it's a tagged type you're going to want the capability-instance to be limited-private; the implementation of the "permissions" component being a Boolean-array or a vector of Capability'Class [most obviously having Capability be an abstract tagged null record] is mostly irrelevant for that demonstration. (And using a vector of tagged-type instead of the array would have bogged the example down with importing and instantiating the Vector container and setting up multiple non-abstract Capability-descendants, cluttering the point of the example.)
>

Capabilities allow granting and revoking of access, iirc, the kernel has
access to all, the kernel then grants access to certain processes, i.e.
memory server, filesystem server, etc. each of those processes can
further grant and revoke caps.
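
The grant and revoke behaviour described above, combined with the limited private unknown-discriminant type from Shark8's post, as an added example that is not code from any poster in this thread. The package `Caps`, its operations and the epoch-based revocation scheme are assumptions chosen for illustration; the listing holds three compilation units (gnatchop splits them), and the single entry-less, library-level protected object is intended to fit Ravenscar's restrictions.

```ada
--  Added example, not code from the thread; every name is hypothetical.
package Caps is
   type Right is (Read, Write, Grant);
   type Right_Set is array (Right) of Boolean;
   None : constant Right_Set := (others => False);
   type Slot is range 0 .. 15;   --  fixed object table, no heap

   --  Limited, private, unknown discriminants: clients cannot copy,
   --  inspect or declare a Capability without calling this package.
   type Capability (<>) is limited private;

   --  Root of authority. In a kernel this would sit in a private child
   --  package so that only trusted code can call it.
   function Mint (Obj : Slot; Rights : Right_Set) return Capability;

   --  The result never holds more than From does, and holds nothing
   --  unless From carries Grant.
   function Delegate (From : Capability; Keep : Right_Set) return Capability;
   function Allows (C : Capability; R : Right) return Boolean;
   --  Invalidates every capability issued so far for Obj.
   procedure Revoke (Obj : Slot);
private
   type Epoch is mod 2 ** 32;    --  wraps after 2**32 revocations
   type Capability is limited record
      Object : Slot;
      Rights : Right_Set;
      Minted : Epoch;            --  epoch of Object at issue time
   end record;
end Caps;

package body Caps is
   type Epoch_Table is array (Slot) of Epoch;

   --  Shared revocation state, guarded by one protected object.
   protected Registry is
      function Current (Obj : Slot) return Epoch;
      procedure Bump (Obj : Slot);
   private
      Epochs : Epoch_Table := (others => 0);
   end Registry;
   protected body Registry is
      function Current (Obj : Slot) return Epoch is
      begin
         return Epochs (Obj);
      end Current;
      procedure Bump (Obj : Slot) is
      begin
         Epochs (Obj) := Epochs (Obj) + 1;
      end Bump;
   end Registry;

   function Mint (Obj : Slot; Rights : Right_Set) return Capability is
   begin
      return (Object => Obj, Rights => Rights,
              Minted => Registry.Current (Obj));
   end Mint;
   function Delegate (From : Capability; Keep : Right_Set) return Capability is
      Granted : constant Right_Set :=
        (if From.Rights (Grant) then From.Rights and Keep else None);
   begin
      return (Object => From.Object, Rights => Granted, Minted => From.Minted);
   end Delegate;
   function Allows (C : Capability; R : Right) return Boolean is
   begin
      --  A right counts only while the object's epoch is unchanged.
      return C.Rights (R) and then C.Minted = Registry.Current (C.Object);
   end Allows;
   procedure Revoke (Obj : Slot) is
   begin
      Registry.Bump (Obj);
   end Revoke;
end Caps;

with Ada.Text_IO;
with Caps; use Caps;
procedure Demo is
   Owner  : constant Capability := Mint (3, (others => True));
   Helper : constant Capability :=
     Delegate (Owner, (Write => False, others => True));
   Wider  : constant Capability := Delegate (Helper, (others => True));
   procedure Show (Label : String; C : Capability; R : Right) is
   begin
      Ada.Text_IO.Put_Line (Label & ": " & Boolean'Image (Allows (C, R)));
   end Show;
begin
   Show ("helper may read", Helper, Read);
   Show ("widened copy may write", Wider, Write);
   Revoke (3);
   Show ("helper may read after revoke", Helper, Read);
end Demo;
```

Revocation here is per object rather than per holder: bumping the epoch for a slot invalidates every outstanding capability for it, and the owner has to mint a fresh one.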

Re: The Ravenscar profile and capabilities paradigm
 by: Doctor Who - Tue, 12 Oct 2021 18:21 UTC

On Tue, 12 Oct 2021 16:43:07 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:

>On 12/10/2021 16:33, Shark8 wrote:
>> On Tuesday, October 12, 2021 at 9:04:09 AM UTC-6, Luke A. Guest wrote:
>>> On 12/10/2021 16:01, Shark8 wrote:
>>>> On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
>>>>> On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:
>>>>>> Doctor Who writes:
>>>>>>
>>>>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>>>>> specifically for programs written using the Ravenscar profile ?
>>>>>>
>>>> Type Capability is ( Read, Copy, Whatever );
>>> There can be a capability for literally anything, even ownership and can
>>> be different depending on object/os service.
>>>
>>> I'd say a tagged type is better than an enum.
>> Possibly.
>> But there's no reason to complicate the general idea in example-form: even if it's a tagged type you're going to want the capability-instance to be limited-private; the implementation of the "permissions" component being a Boolean-array or a vector of Capability'Class [most obviously having Capability be an abstract tagged null record] is mostly irrelevant for that demonstration. (And using a vector of tagged-type instead of the array would have bogged the example down with importing and instantiating the Vector container and setting up multiple non-abstract Capability-descendants, cluttering the point of the example.)
>>
>
>Capabilities allow granting and revoking of access, iirc, the kernel has
>access to all, the kernel then grants access to certain processes, i.e.
>memory server, filesystem server, etc. each of those processes can
>further grant and revoke caps.
>

thank you all for the help, I hope this discussion goes far.
the most useful approach is the microkernel, where access to, and
operation of, each service is mediated by capabilities.

I would go so far as to define and implement a capability-based
microkernel written in Ada using the Ravenscar profile.
