[cap-talk] Selling capabilities programming
James A. Donald
jamesd at echeque.com
Wed Jul 25 21:46:33 EDT 2007
Sandro Magi wrote:
> Making the data capability "non-durable" recovers some
> usefulness from such systems, but the complexity
> inherent to such an approach seems insurmountable to
> me at the moment.
The example case where capabilities are compellingly
useful is the case of a powerbox granting file access to
a particular file - and such a capability should be
inherently transient - indeed it should not be possible
for a powerbox to create and issue durable capabilities
- there should be no general mechanism available to
represent a communicable permission that is not
transient. Any situations, as with the logon problem in
file sharing which arguably does indeed need durable
secrets, should be special case solutions with special
case code designed to deal with the problems and
necessities of each particular troubling and difficult
case.
More information about the cap-talk
mailing list