[cap-talk] Delegating Responsibility in Digital Systems: Horton's "Who Done It?"
David Hopwood
david.hopwood at industrial-designers.co.uk
Thu May 17 04:24:10 EDT 2007
Jed Donnelley wrote:
> For example, consider this difference between stack walking and
> a capability system that David Hopwood noted recently:
>
> " - in a pure capability system, an invoked object *cannot* determine the
> identity of any of its invokers (except indirectly by knowing which
> subjects might possess a reference to it)."
>
> As we see with Horton, this is still strictly true. The invoked
> object C can't determine the "identity" (whatever that means in
> this context) of A or B, but it can determine an identity
> label.
I should have been more precise here; I meant "an invoked object
*cannot* determine the subject identities of any of its invokers (...)".
--
David Hopwood <david.hopwood at industrial-designers.co.uk>
More information about the cap-talk
mailing list