[cap-talk] Delegating Responsibility in Digital Systems: Horton's "Who Done It?"
Mark S. Miller
markm at cs.jhu.edu
Mon May 28 23:23:35 EDT 2007
Mark S. Miller wrote:
> Charles Landau wrote:
>> What if B happens to have a getGuts method and A says b.getGuts()? It
>> appears that P1 won't forward that. I can see how to fix this, but
>> your simplified code doesn't do it.
>>
>> At line 03, P1 calls an arbitrary capability passed by A. It might be
>> wise for P1 to use a primitive such as MyCap? to ensure it is talking
>> to another proxy.
>
> Weasel words added:
>
> "P1 asks for the value of P2’s stub and whoBlame fields, which hold S2 and
> Carol’s Who (03–05). (To protect against misbehaving app-objects, P1 actually
> does this by rights amplification[11] rather than the getGuts message shown
> here.)"
<http://www.erights.org/elib/capability/horton/amplify.html> is our test case
altered to use rights amplification rather than the getGuts method. In this
version, I believe the proxy objects are protected from misbehavior by the
app-objects.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
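The check discussed above, sketched in JavaScript as an added example; it is not the code from this post or from the linked amplify.html page. It shows a proxy reading another proxy's fields through a private table instead of a getGuts message, so an app-object's own getGuts is forwarded like any other verb and an impostor is rejected. The names makeAmplifier, makeProxy, send and the stand-in stubs are assumptions, and the introduction step of the real protocol is left out.

```javascript
// Added illustration: makeAmplifier, makeProxy and the stubs are hypothetical.
function makeAmplifier() {
  const guts = new WeakMap(); // proxy -> { stub, whoBlame }
  return Object.freeze({
    register(proxy, fields) { guts.set(proxy, Object.freeze(fields)); },
    amplify(candidate) {
      // has() is false for primitives and for any object not registered here.
      if (!guts.has(candidate)) throw new TypeError('not a proxy');
      return guts.get(candidate);
    },
  });
}

// Held only by the proxy-making code, never handed to app-objects.
const amp = makeAmplifier();

function makeProxy(stub, whoBlame) {
  const proxy = Object.freeze({
    send(verb, args = []) {
      // Steps 03-05, simplified: read each argument's whoBlame by amplification.
      // No message is sent to the argument, so it cannot answer for itself.
      const blamed = args.map((p2) => amp.amplify(p2).whoBlame);
      // Every verb is forwarded, including one that happens to be named getGuts.
      return stub.deliver(verb, blamed);
    },
  });
  amp.register(proxy, { stub, whoBlame });
  return proxy;
}

// Constructed scenario: B is an app-object that defines its own getGuts.
const b = {
  getGuts() { return 'B internals'; },
  foo(who) { return 'arg blamed on ' + who; },
};
const s1 = { deliver(verb, args) { return b[verb](...args); } }; // stand-in for S1
const s2 = { deliver() { return undefined; } };                   // stand-in for S2
const p1 = makeProxy(s1, 'Bob');
const p2 = makeProxy(s2, 'Carol');

// A misbehaving app-object that answers getGuts with forged fields.
const impostor = { getGuts() { return { stub: s2, whoBlame: 'Alice' }; } };

function sendOrReject(proxy, verb, args) {
  try { return proxy.send(verb, args); }
  catch (e) { if (e instanceof TypeError) return 'rejected'; throw e; }
}
```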