[cap-talk] Manipulating an object with a secondary reference
micahbro at csail.mit.edu
Mon Nov 13 20:28:12 CST 2006
> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of Charles Landau
> Sent: Sunday, November 12, 2006 4:37 PM
> To: General discussions concerning capability systems.
> Subject: Re: [cap-talk] Manipulating an object with a secondary reference
> At 3:00 PM -0500 11/12/06, Micah Brodsky wrote:
> >I've got a simple pattern question: What's a good way to manipulate an
> >object when named by a weak capability but when the necessary access
> >permissions are provided by a different, stronger capability?
> You are asking about "rights amplification", and there are
> discussions of it at http://www.cap-lore.com/CapTheory/Amplify.html
Yes, that looks about right. Thanks!
> >Should you just dig through your own
> >capabilities hunting for an applicable one?
> As mentioned at the cap-lore link, you could do that, but
> capability systems implement other mechanisms to do the
> equivalent more efficiently.
I did a bounded depth first search of sorts from that link, and it helped a
lot, but I'm still a bit unclear on how you actually implement a
synergy-style rights amplification mechanism -- i.e. how you implement the
magic black box that can pull out a more powerful capability. Do you do
things like have a method on the weaker capability that takes in a "synergy
partner" capability, does some sort of equality or instance-of test on it,
and then returns the more powerful facet of itself?
"In summary the domain creator performs synergy by invoking a synergy
function of a more primitive object. In general this pattern continues until
an object, such as a kernel object, is reached that is not constrained by
capability discipline. Such programs are generally entrusted to enforce such
discipline." from http://www.cap-lore.com/CapTheory/Synergy.html leaves me a
little unclear as to how this recursion bottoms out! :)
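
The design asked about in the message above (a method on the weaker capability that tests a "synergy partner" and hands back the stronger facet), as an added sketch that is not part of the original post or of any system discussed on the list. All names are hypothetical, and Python closures only stand in for unforgeable references since Python does not enforce capability discipline.

```python
# Added illustration; every name here is hypothetical. Python does not enforce
# capability discipline, so closures stand in for unforgeable references.

class SynergyPartner:
    """The stronger capability. Holding it conveys the right to amplify."""
    __slots__ = ()


def make_log(partner):
    """Create an append-only log and return only its weak (read-only) facet."""
    entries = []                      # state reachable only through the facets

    class StrongFacet:
        def read(self):
            return tuple(entries)

        def append(self, line):
            entries.append(line)

    strong = StrongFacet()

    class WeakFacet:
        def read(self):
            return tuple(entries)

        def amplify(self, candidate):
            # Identity test, not equality or instance-of: a different
            # SynergyPartner instance must be refused. In this sketch the
            # check bottoms out in the runtime's `is` primitive.
            if candidate is not partner:
                raise PermissionError("candidate is not this object's synergy partner")
            return strong

    return WeakFacet()


def append_via(weak, candidate, line):
    """Manipulate the object named by `weak` using authority from `candidate`."""
    weak.amplify(candidate).append(line)
    return weak.read()
```

Neither reference alone permits a write here: the weak facet has no `append`, and the partner names no object.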