The representation of the capability can be spelled out in the hard-copy documentation for the server; this will probably just be a huge hexadecimal nubmer, so it will be inconvenient. Perhaps the best solution would be to have an include file available to programmers, where the include file contains the declaration of a global constant containing the required value.
a) Does Amoeba allow this? How?
Amoeba definitely allows capabilities for segments, but these are only used to refer to the segment when it is not in the address space of the user; once a segment is opened in the user's address space, the capability is no longer necessary for access.
b) Could Multics be modified to use this model, completely eliminating the need for a Multics-style directory hierarchy.
Server-side authentication for capabilities that refer to segments in memory is certainly possible, so this scheme would probably be applicable to a Multics-like system.
The classic garbage collection algorithm assumes that the collector can find and follow all pointers in the reachable universe. Amoeba capabilities are effectively pointers, but because they may be arbitrarily mixed with user data, including being stored on disk, the system cannot guarantee its ability to find and follow them, and because their interpretation is in the domain of many independent servers, there is no uniform system for determining what they refer to.
b) Is the Amoeba solution guaranteed to eventually collect all unreachable objects? Why or why not?
The Amoeba system relies on the servers to cooperate, and since the servers are independently written components, they need not cooperate. However, if a server implements the expected semantics of the age operation, it will indeed collect everything.
b) Is the Amoeba solution guaranteed to never collect all reachable objects? Why or why not?
The Amoeba system relies on the servers to cooperate, and since the servers are independently written components, they need not cooperate. Even if a server implements the expected semantics of the touch operation, it relies on users to touch their objects from time to time. Thus, even if the server works as expected, it relies on active help from the user, something the user may well not do.
Note that the answers to a and b above must both be yes if Amoeba is to be considered formally correct, in the sense that the mark-sense algorithm can be considered to be correct.
And indeed, Amoeba's storage reclamation scheme, while very useful, is not formally correct.