The tl;dr is that Scheme was originally developed as an exploration of the actor model intermixed with lambda where it was discovered that they are essentially the same thing and then later it was demonstrated that lambda + lexical scope can form the kernel of a secure computing environment. If you have a reference to an object, you can use it. lambda is a first-class data type, so you can pass around functions (or actors) as capabilities. Lexical scoping removes the ambient authority of dynamic scoping. lambda binds it all together, and Scheme is one of if not the best language for exploring what you can do with it.
If you haven’t read it yet, do read the “Acknowledgements” section of MIT AI Memo 349 that you linked above.
After reading a bit of the secure kernel report, I think I understand the idea. Tell me if I’m wrong. The main idea is to model actors as closures. Closures are procedures together with their evaluation environment. Thus having lexical scoping allows you to isolate actors and protect them from accessing each other’s resources. Resource sharing can also be done by allowing dynamic scoping on a portion of the environment.
There is also a mention of using signatures but I’m not sure how this is used.
Also they are using Scheme 48, which is Pre-Scheme’s ancestor if I understand it, right? So Pre-Scheme is the modern version of this secure kernel?
Pre-Scheme was created to implement Scheme48. The revived Pre-Scheme effort is a whole other chronicle which started with Christine musing about a native-compiling Guile on the Fediverse.
As to how Goblins is making use of the ideas of “Security Kernel” - Goblins weds the ideas of that paper with ocaps, both from closely related research lineages. Essentially, Goblins takes the observations about the inherent security of Scheme from “Security Kernel” and uses them to build an ocaps environment at the library level. Spritely also plans to lower these ideas to the language level with Oaken.
Lexical scope and call-by-value are concerned with different questions. Call-by-value versus call-by-reference is about what a reference to an object is – say, how a given data type is passed to a function. Is the value copied into the function, or is it a pointer? Lexical scope versus dynamic scope is about where a reference to an object is – which code can see it and manipulate it.
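An added illustration of the closures-as-capabilities idea discussed in this thread, not code from any participant, from Goblins or from the "Security Kernel" report. It is written in portable R7RS-style Scheme, and the procedure names (`make-account`, `make-read-only`, `make-revocable`) are hypothetical.

```scheme
;; Added illustration; make-account, make-read-only and make-revocable
;; are hypothetical names, not Goblins or Scheme48 APIs.

;; `balance` exists only in this closure's lexical environment. No other
;; code can name it, so holding the returned procedure is the only way
;; to read or change it: the procedure is the capability.
(define (make-account balance)
  (lambda (msg . args)
    (case msg
      ((balance) balance)
      ((deposit!)
       (set! balance (+ balance (car args)))
       balance)
      ((withdraw!)
       (let ((amount (car args)))
         (if (> amount balance)
             (error "insufficient funds" amount)
             (begin (set! balance (- balance amount))
                    balance))))
      (else (error "unknown message" msg)))))

;; Attenuation: hand out a weaker capability that only forwards reads.
(define (make-read-only account)
  (lambda (msg . args)
    (if (eq? msg 'balance)
        (account 'balance)
        (error "not permitted through this facet" msg))))

;; Revocation: a forwarder, plus a separate procedure that cuts it off.
;; Whoever holds only the forwarder cannot undo the revocation.
(define (make-revocable target)
  (let ((live target))
    (values
     (lambda args
       (if live (apply live args) (error "capability revoked")))
     (lambda () (set! live #f)))))

(define acct (make-account 100))
(define viewer (make-read-only acct))   ; safe to give to an auditor
(acct 'deposit! 50)
(display (viewer 'balance)) (newline)

(call-with-values
  (lambda () (make-revocable acct))
  (lambda (proxy revoke!)
    (proxy 'withdraw! 30)               ; works while the proxy is live
    (revoke!)                           ; later (proxy ...) calls signal an error
    (display (acct 'balance)) (newline)))
```

Under dynamic scoping, any procedure called while `balance` was bound could read or rebind it by name; with lexical scoping the only route to it is a reference someone explicitly passed along.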