[cap-talk] A challenge for membranes
Jonathan S. Shapiro
shap at eros-os.com
Mon Feb 18 10:51:47 EST 2008
On Mon, 2008-02-18 at 07:00 -0800, Mark Miller wrote:
> I am having trouble understanding what kind of graph of policy
> expressions you are thinking about. Do you have a motivating example
> in mind?
Not specifically, but perhaps something along the following lines will
provide a starting point:
1. We wish to design a set of membranes corresponding to principals.
2. We with shared subsystems to work sensibly (a la my hybrid
capability DB scenario).
3. We wish to impose a lattice style information flow policy.
I'm not sure that's a good use case. What I'm after is a use case in
which you have two policies, where one is cross-cutting w.r.t. the
other. By "cross cutting" I mean that they can't be handled by (a)
simple intersection, or (b) strictly hierarchical containment
constructions.
I suspect that shared subsystem scenarios can lead to this issue fairly
quickly.
shap
More information about the cap-talk
mailing list