C-lists (and capabilities)

A C-list was a finite sequence of capabilities. A capability was a system maintained, unforgeable, authorization. Many capabilities contained pointers to the representations of system maintained objects, such as files and event channels, and authorized some actions to be performed on those objects.

• A capability contained three components:
• a type,
• a set of option bits,
• and a value.

In the case of capabilities which contained pointers to system maintained objects, the type identified the type of the object, the option-bits defined actions authorized through this capability and the value was a pointer to the object representation. For capabilities which did not contain pointers to system maintained objects, the type and option-bit components performed functions similar to those components in pointer capabilities. In order to perform a system action, a program presented indices to one or more capabilities within its subprocess's local C-list. These capabilities, in turn, defined the action to be performed and the objects on which to perform it. Before performing the action, the capabilities presented were checked for proper type and suitable option-bits. (For more details, see operations.) Available actions provided facilities for storing capabilities in C-lists other than in the subprocess's local C-list. These actions permitted copying capabilities between other C-lists and the local C-list. They also permitted an indirect specification of a capability to be used in an action: two indices would be given, the first within the local C-list to name a remote C-list, and the second to specify a capability within the remote C-list. Other actions permitted the construction and destruction of C-list.