Mark Miller’s thesis makes explicit much that was implicit in the Keykos design. The best rhetorical phrase may be Cooperation without Vulnerability (too). This phrase is to describe partial reliance of one software component upon another. One software component may have several goals and some goals must rely on satisfactory behavior of another component X, a subcontractor while other goals should not. Capabilities generally provide such patterns of partial success in the face of failure of subcontractors.

One particular failure mode that Keykos applications may be programed to survive is certain sorts of resource exhaustion wherein a subcontractor consumes too much space or too much time. The Keykos spacebank can be used to limit the space of a subcontractor but more important to ensure space for the main application component. Likewise the meter construct can be used to reserve sufficient time.

The short rhetoric for this note is:

Keykos addressed this problem by reifying resources in sorts of capabilities.
Flexibility of space; time dependent etc.
Space and time as provided by banks and meters are perhaps an inadequate characterization of resources.