[cap-talk] EQ and the GrantMatcher (was: EQ and the object-cap model)
tribble at e-dean.com
Mon Dec 11 03:51:27 CST 2006
On 12/10/06, Charles Landau <clandau at macslab.com> wrote:
> At 2:56 PM -0500 12/10/06, Jonathan S. Shapiro wrote:
> >A proxy object should
> >definitely be EQUAL? to the object it wraps.
> >Therefore, a revocable proxy should be considered EQUAL? prior to the
> >moment it is revoked.
> I'm glad you clarified that, because I too had assumed the opposite.
An interesting issue. Similarly, two remote references that follow
different paths might be considered equal until network partition. One of
the main problems with a general concept of equality is that equality tends
to be specific to a perspective. The proxy and object are equal from a
client's perspective, but not from the comm system' perspective.
I can't think of much use for an equality operation that isn't
> durable. For example, it wouldn't satisfy the requirement of the
> Grant Matcher, which is the only example we have that everyone seems
> to agree needs EQ.
The GrantMatcher does not require EQ. As noted at the bottom of
http://www.erights.org/elib/equality/grant-matcher/history.html, it can be
done using just sealers/unsealers (which in turn can be implemented with
integer compare or less, as discussed here
As I vaguely recall the approach, in the Grant Matcher example:
1. Alice and Dana provide capabilities to their respective charities.
2. The GrantMatcher (GM) creates a new sealer pair for the transaction, and
seals the donation purse in it.
3. GM sends the sealed purse to Alice's charity.
4. GM sends the unsealer to Dana's charity.
5. if the two charities were the same, it receives both the sealed purse and
the unsealer, and can extract the donation.
So does that mean we are back to the blissful state of having no examples
that absolutely require EQ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cap-talk