Abstractly a user must have a key which designates a meter. Each meter has a limit which is a variable non-negative real number. There is one special (primordial) meter with no limit and which needs no key. Each meter itself has a key to a ‘superior’ meter. To use the resource a meter key is necessary and sufficient. Any usage goes against the limit in the designated meter and recursively the superior meters. This chain must terminate in the primordial meter. Authority is distributed somehow to mechanisms that can read and write the individual meter limits. It is widely possible to create new meters given a meter key to serve to designate its superior meter.
Notably absent is the restriction that the limits in meters inferior to a meter X sum to less than the limit in X. Thus the title ‘OverAllocation’. Some resource allocation is like borrowing as when the Keykos space bank sells a page (for data) whence the limits go down. The page can be sold back to the bank whereupon the limits of the bank increases again.
Authority over the mechanisms that govern the limits is distributed to those with responsibility of limiting allocation. Keykos uses this pattern in two contexts:
The applications I have seen had until recently were put in place because the resource was dear. It allows mission critical applications to be assured of necessary resources. Two more reasons have recently popped up: