[cap-talk] Authority is always potential (was: Re: Reinterpreting POLA...)
Mark Miller
erights at gmail.com
Thu Sep 20 00:16:10 EDT 2007
On 9/19/07, Mark Miller <erights at gmail.com> wrote:
> For a given system and a given stakeholder, that stakeholder
> will rely upon some objects to constrain the behavior of other objects
> they don't rely upon.
My message was way too abstract/obtuse. Let's return to our canonical example:
Once Alice sends the revoke() message, Alice relies on the Caretaker
to deny Bob the authority to invoke Carol. If it's a simple Caretaker,
Alice also relies on Carol not to have returned herself to Bob or have
provided herself to one of Bob's arguments. Alice's concern is with
Bob's authority, because, of the things Bob might do, she doesn't know
which he will do. To the extent Alice believes her model of the
Caretaker is accurate, she doesn't care what authority the Caretaker
*has*, she only cares what authority the Caretaker provides to Bob.
Alice needs to ask the authority question exactly where it's
meaningful to ask such a question -- for the objects whose she does
not control.
If Alice is unsure whether her model of the Caretaker is correct, she
can separately ask what authority it has. To ask this question, she
separately models the scenario as one in which the Caretaker, like
Bob, is a non-relied-upon object.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the cap-talk
mailing list