[cap-talk] Reinterpreting POLA - "Authority Must Not Exceed Trust"
ihab.awad at gmail.com
ihab.awad at gmail.com
Mon Sep 17 18:05:43 EDT 2007
On 9/17/07, Ka-Ping Yee <cap-talk at zesty.ca> wrote:
> 2. The user has to have a way to review the abilities of other
> actors. (This relieves the user of an unrealistic memory burden.)
Ok, I think I get it. So the abilities of an actor can be computed
transitively, and presented in some way, allowing me to decide whether
the "Financial Data 2007" actor should be able to "Send data to
evil.com". And my worry, that the full consequences of these abilities
cannot be grokked by the end-user, is addressed by the fact that these
abilities are chased down transitively to the point where they
represent "leaf nodes" (like the sending mail example) that are
sufficiently general and easy for me to understand.
Ihab
--
Ihab A.B. Awad, Palo Alto, CA
More information about the cap-talk
mailing list