<< Previous <<         [Session1 Index]            >> Next >>


Authority: the access rights in a capability. Or: in the base case where the reference is the capability, the set of methods in a referenced object for which the referenced method must reach "outside" to fulfill the purpose of the method.

Capability: combination of an reference and access rights. In Java, use base case with facet patterns.

Confinement: preventing an object from leaking capabilities and/or information

Convey: A capability conveys authority over the object it represents

Covert channel: a method of passing information from one program to another using hardware and OS performance characteristics. For example, by causing the machine disk access to slow dramatically by thrashing the disk, using a code of on/off thrashing periods, one could very slowly transmit information, bit by bit, to another program, without a direct capability.

E: Set of enhancements to Java supplied by Electric Communities which supplies, among other features, capability-based security.

Facade: an object that represents other objects in a design pattern

Facet: a facade that represents one other object with a restricted set of capabilities

Guest Code: code running on your machine that is not necessarily yours and not necessarily trusted

Host Code: code that you trust because you control physical access to the machine, typically the operating system for your computer.

JVM: Java Virtual Machine, the part of the Java system you run on your client computer that executes the Java code, and enforces Java-style "sandbox" security with fierce and inflexible restrictions, such as the denial of the ability to write a file.

Ticket: An object that proves that you have the authority to access a certain capability: you hand the ticket to a "gatekeeper" object in order to use the capability. Tickets and gatekeepers are not usually necessary when using Java and E.