[cap-talk] OOUI (was: Re: Lampson: Principle Of Least Privilege as damaging)

Jed Donnelley jed at nersc.gov
Mon Apr 7 14:14:08 CDT 2008


On 4/7/2008 10:01 AM, ihab.awad at gmail.com wrote:
> ...If you don't have an OOUI, which implies a foundationally OO
> system underneath, how can you have manageable ocaps?

Isn't this what power boxes (e.g. PLASH, CapDesk, etc.) are for?
The key insight there I believe was that the user interface
(nominally an open 'file' window) can remain essentially
the same but mean something quite different with a
"foundationally OO system underneath" as you say.  It
changes from:

Current/ACL:  I, your program, who can access any of
your resources and do anything to them that I wish
because I am acting with your authority, am
condescending to let you designate an object (file)
where you would like me to focus my all-powerful
work on your behalf.

vs.

OCap:  I, your program, would be happy to do your
bidding with the limited resources that I have
available, but if you want to give me an object
(file) to work on, you will have to have your
power box grant it to me.

The user interface is the same, but the meaning
is quite different.

--Jed  http://www.webstart.com/jed/
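The contrast above (same open-file dialog, different meaning) as an added, constructed example that is not part of the original post or of PLASH/CapDesk: the ACL-style function is handed a name and resolves it with the user's whole authority, while the OCap-style function only ever receives the capability the power box minted for the file the user chose. The names Powerbox, FileCap, USER_FILES and the two word-count functions are assumptions for this example.

```python
# Constructed example: Powerbox, FileCap and the word-count functions are
# assumed names for illustration, not from any real system.

# Stand-in for the user's whole file store.  In an ACL system every
# program the user runs can reach all of it with the user's authority.
USER_FILES = {
    "notes.txt": "alpha beta gamma",
    "secrets.txt": "hunter2",
}


def acl_style_word_count(path: str) -> int:
    """ACL/ambient-authority style: the program is given a *name* and
    looks it up with the user's full authority.  Nothing stops it from
    naming 'secrets.txt' instead of the file the user picked."""
    return len(USER_FILES[path].split())


class FileCap:
    """Read-only, revocable capability to one file's contents."""

    def __init__(self, contents: str):
        self._contents = contents
        self._revoked = False

    def read(self) -> str:
        if self._revoked:
            raise PermissionError("capability revoked")
        return self._contents

    def revoke(self) -> None:
        self._revoked = True


class Powerbox:
    """Holds the user's authority.  The user, not the program, picks
    the file; the program only ever sees the resulting FileCap."""

    def __init__(self, files: dict):
        self._files = files

    def user_selects(self, choice: str) -> FileCap:
        # 'choice' stands in for the user's click in the open dialog.
        return FileCap(self._files[choice])


def ocap_style_word_count(cap: FileCap) -> int:
    """OCap style: the program receives the capability and holds no
    name space through which it could reach anything else."""
    return len(cap.read().split())
```

The program written against FileCap can be audited by looking at what it was handed; the ACL-style one can only be audited by reading everything it might name.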


