| ▲ | ambicapter 4 days ago | |
Could I get some examples? I'm interested in learning more. | ||
| ▲ | kentonv 3 days ago | parent | next [-] | |
Cloudflare Workers is a big on capabilities. The recently released Dynamic Workers directly provides an API for capability-based sandboxing: https://developers.cloudflare.com/dynamic-workers/usage/bind... But the platform has used caps internally all along. Cloudflare makes heavy use of Cap'n Proto (https://capnproto.org/), a capability-based RPC protocol, and recently released Cap'n Web (https://capnweb.dev/), a JavaScript-oriented version of the same idea. The "Cap'n" in both is short for "Capabilities and". (Dynamic Workers sandboxing is based around Cap'n Web capabilities.) Most successful sandboxes use capabilities, though it's not often something you hear about. Android's IPC system, Binder, is a capability system. And Chrome has a capability-based IPC system called "Mojo". Capabilities really shine when used for sandboxing, but here's a blog post I wrote that tries to explain the benefits beyond sandboxing: https://blog.cloudflare.com/workers-environment-live-object-... (I am the lead developer of Cloudflare Workers, and the creator of Cap'n Proto and Cap'n Web.) | ||
| ▲ | wmf 4 days ago | parent | prev | next [-] | |
| ▲ | davexunit 4 days ago | parent | prev | next [-] | |
| ▲ | als0 3 days ago | parent | prev | next [-] | |
Implementations include seL4, Barrelfish, Google Fuchsia OS, Capsicum, and a slew of research systems too long to list. It's also worth checking out tangential things like the E programming language and Google's old Caja project. | ||
| ▲ | Icathian 4 days ago | parent | prev | next [-] | |
Cloudflare's developer platform uses them. That's what their "bindings" are. | ||
| ▲ | aerzen 3 days ago | parent | prev [-] | |
CapNProto RPC protocol | ||