Things to do with a Capability System

The Personal Computer

Here are some features that would be easy to implement with a personal computer or PDA, if there were a capability system at the foundation of the software. I will try here to avoid jargon that pervades the section of this site that deals extensively with capabilities.

Virus Resistant: Just about all of the famous viruses exploit the infinite authority granted any program on a current operating system for a PC. Early adopters of a capability system would benefit from lack of viruses designed with such systems in mind. This is an unfair advantage—it would not last. Few programs that we fetch from the net or receive in e-mail need to do more than amuse us with pictures and sounds. Java does this pretty well. For those that need more access to serve us, the user can explicitly give access to those facilities that he trusts the program to use.
Confinement: It would be nice to arrange that what we told a guest program was not communicated outside our machine.
Persistent Applications: This is a dig at the chaos that often prevails as you install a new application and thereby wipe out some other software. An attendant problem is when you upgrade software and find that the new version decommitted some feature that you need and there is no way to go back. In a capability system the installation code for the application would lack the authority to damage other applications or the work products of the older version of the app.
Concomitantly the application designer is in a better position to warrant that his application will perform as advertised and furthermore continue to do so. No software builder would dare to warrant this today because software so often fails due to bugs in other software.
Pay as you Go *: It would be nice to pay a small amount for a small amount of service from some expensive application. If you want just two special characters in a scalable font you should not need to buy a thousand dollar package. If you want to integrate an occasional function, you might not need to buy a $1800 copy of Mathematica.
Secure place for your private key *: Personal computers are currently not a secure place to keep the private key that matches your public key, even if it is encrypted while not in use or hidden on a PCI card.

The functions followed by an asterisk require a degree of tamper resistance.

The secrets that a doctor must keep may be much like those that a personal computer must keep.