Resource Access Control in a Network Operating System

Computer systems being incorporated into mature support networks are facing a substantial protocol-implementation effort in granting controlled access to their resources and in obtaining access to network-supplied resources. This protocol-implementation effort can be significantly reduced by use of resource-sharing protocols that are independent of specific resource semantics. A capability-passing model for distributed access control is described and several capability-management protocols are discussed. Highlights of the discussion include the inalienable right to pass capabilities, capability theft through data theft and reflection, capability management by public key encryption, a capability passing structure, and resource sharing with integrated network directories. 9 figures, 2 tables.