[cap-talk] Selling capabilities programming
James A. Donald
jamesd at echeque.com
Fri Jul 20 04:35:40 EDT 2007
--
James A. Donald wrote:
>> Envisage the user interface for your scheme, and how
>> your mother in law is going to use it.
Karp, Alan H wrote:
> Perfect example. MarkM did a test on his mother.
> Since he's not participating in the discussion, I'll
> tell his story. I'm sure he'll jump in and correct me
> if I get something wrong.
This was not the scheme I was referring to.
The issue in question was protected capabilities. The
use case you give fails to distinguish between protected
and unprotected capabilities - shows the need for
capabilities, but fails to show a need for protection of
capabilities, or the ability of MarkM's mother to
comprehend or utilize protection of capabilities.
Further, protected capabilities become complicated and
expensive to implement in the network case, not the
single processor single machine case, so the question at
issue is: Are protected capabilities useful to MarkM's
mother when dealing with an application over the
network? They don't cost us anything, and might give us
something, in a single processor single computer system,
but need a considerably stronger justification over a
network.
So here is the question: Aunt Vera is on her home
network, interacting with a program on one of her
computers, through a window on another of her computers.
One of the windows represents a powerbox. She wants to
access a file on little Jonny's computer. She has
permission to access the directory on little Jonny's
computer, and needs to delegate that permission to the
program she wants to use to open the file. There are
three computers in this story. What do protected
capabilities give her, that sparse capabilities do not
give her?
More information about the cap-talk
mailing list