[cap-talk] Is "Authority" Subjective?
Toby Murray
toby.murray at comlab.ox.ac.uk
Fri Jun 22 10:08:40 EDT 2007
On Fri, 2007-06-22 at 09:37 -0400, Jonathan S. Shapiro wrote:
> Toby:
>
> I'm not familiar with CSP, but I think that your question derives from
> an oversimplified model.
>
> If I understand your CSP model (remember: I don't know CSP), it is
> describing a DFA. There are four system states as follows:
>
> S1: a1 -> S2
> b -> STOP
> S2: a2 -> S3
> S3: b -> STOP
> STOP: <>
>
> What you have here is actually an operational semantics where each
> operation is preconditioned on the system being in the correct state.
>
> The problem with your question is that Alice and Bob cannot, by
> definition, be distinct subjects, because their actions are updating the
> same system state variable.
I don't see why this precludes them being distinct subjects. Can you
explain further?
What if the system has a third subject, Carol, and we rename the events
as follows so that P becomes:
P = aliceInvokesCarol -> carolRespondsToAlice -> bobInvokesCarol -> STOP
[]
bobInvokesCarol -> STOP
This models Bob being unable to invoke Carol while she is invoked by
Alice. Alice's events are now shared with Carol and likewise for Bob's
events.
Does that remove the problem you raise above, which I'll admit I don't
grasp. My question still remains valid for the modified example but is
now rephrased as "Should we say that Alice can cause Bob to invoke
Carol?"
> For contrast, if you look at the SW model, you will see that there is
> really only one system state. All actions are possible at all times, but
> only if the subject satisfies the required preconditions. In that model,
> the notion of "subject" is captured by the relation between processes
> and caps.
While I see a difference, yes, I can't see how it precludes Alice and
Bob being distinct subjects on my model. That said, thanks very much
for taking this up. I'm hoping we can dig a bit further here.
Cheers
Toby
More information about the cap-talk
mailing list