[cap-talk] A challenge for membranes

Mark Miller erights at gmail.com
Mon Feb 18 10:00:38 EST 2008


I am having trouble understanding what kind of graph of policy
expressions you are thinking about. Do you have a motivating example
in mind?

On Feb 18, 2008 6:38 AM, Jonathan S. Shapiro <shap at eros-os.com> wrote:
> There is a problem with the membrane pattern that I do not recall seeing
> discussed.
>
> A membrane implements a single (set of) policies. To the extent that it
> does so, it implements the interests of some particular "manager" of a
> collection of rights.
>
> A single process may participate in operations where restrictions
> imposed by multiple managers may need to be respected.
>
> In consequence, it does not seem to me that the "cell" guarded by a
> membrane can successfully be viewed as an undivided entity.
>
> This raises a design challenge:
>
>   1. In order for a membrane to operate properly, it must impose
>      a boundary that can only be crossed by traversal of that membrane.
>      This can be generalized to strictly hierarchical arrangements of
>      membranes, but not to general graphs of membranes.
>
>   2. In any situation requiring that multiple membranes be honored
>      simultaneously, a general graph appears to be required.
>
> Is there any reason to believe that this apparent conflict is
> resolvable?
>
>
> shap



-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM
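
Added example, not part of either post and not the authors' code: a minimal JavaScript `Proxy` membrane illustrating point 1 of the quoted message, with two membranes nested strictly hierarchically, each enforcing a different manager's policy. `makeMembrane`, the policy callbacks and the sample store are names constructed for this sketch; it does not attempt the general-graph case of point 2.

```javascript
'use strict';
// Outward-facing membrane only: a full membrane would also wrap arguments passing inward.
function makeMembrane(root, policy) {
  let revoked = false;
  const toProxy = new WeakMap(); // real object -> proxy, so identity is stable
  const toReal = new WeakMap();  // proxy -> real object, to unwrap on the way in
  const unwrap = (v) => (toReal.has(v) ? toReal.get(v) : v);
  const live = () => { if (revoked) throw new Error('membrane revoked'); };
  const guard = (name) => {
    live();
    if (!policy(name)) throw new Error(`denied: ${String(name)}`);
  };
  function wrap(real) {
    if (Object(real) !== real) return real; // primitives carry no authority
    if (toProxy.has(real)) return toProxy.get(real);
    const proxy = new Proxy(real, {
      get(t, name) { guard(name); return wrap(Reflect.get(t, name)); },
      set(t, name, v) { guard(name); return Reflect.set(t, name, unwrap(v)); },
      apply(t, self, args) {
        live();
        return wrap(Reflect.apply(t, unwrap(self), args.map(unwrap)));
      },
    });
    toProxy.set(real, proxy);
    toReal.set(proxy, real);
    return proxy;
  }
  return { proxy: wrap(root), revoke() { revoked = true; } };
}

const attempt = (fn) => { try { return fn(); } catch (e) { return `error: ${e.message}`; } };

function demo() {
  // Constructed sample graph: open() hands out a second object from inside the cell.
  const store = {
    files: { notes: { text: 'hello', owner: 'alice' } },
    open(name) { return this.files[name]; },
  };
  const inner = makeMembrane(store, (n) => n !== 'owner');       // manager A's policy
  const outer = makeMembrane(inner.proxy, (n) => n !== 'files'); // manager B's policy
  const doc = outer.proxy.open('notes'); // crosses inner, then outer
  const before = [doc.text, attempt(() => doc.owner), attempt(() => outer.proxy.files)];
  outer.revoke(); // cuts off B's view only; A's membrane is still live
  const after = [attempt(() => doc.text), inner.proxy.open('notes').text];
  return { before, after };
}
console.log(demo());
```

Both policies hold on `doc` only because the outer membrane wraps the inner one; an object that had to honor two membranes that are not nested has no single boundary to sit behind, which is the conflict the quoted message raises.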

