[cap-talk] Authority vs. Information Flow
Toby Murray
toby.murray at comlab.ox.ac.uk
Sun Feb 17 19:10:17 EST 2008
On Sun, 2008-02-17 at 22:08 +0000, Karp, Alan H wrote:
> David Wagner wrote:
> >
> > Also I think to fully model this situation you may need a notion
> > of time, and then you might find that Alice does have authority
> > because she can control the timing at which the change to the file
> > is visible to others.
> >
> As I've been reading this thread, I've been thinking the same thing. Much of the discussion seems to arise when the configuration changes. The simplest case is dropping an object reference. Before Alice had the authority of that object; after, she does not. We can't answer the question "Does Alice have the authority?" unless we know which state we're asking about. We have already said that we have to accept conservative bounds on authority unless we analyze the behavior of the objects. Do we have to add the phrase "over time" to that statement?
>
I'm not only interested in what Alice can cause in the current state,
but what she could conceivably cause in any future state too. This is
surely the safest way to gauge authority.
More information about the cap-talk
mailing list