[cap-talk] [tahoe-dev] Fwd: Don't put capabilities in argv?

Rob Meijer capibara at xs4all.nl
Sun Jul 13 09:05:55 CDT 2008

On Sun, July 13, 2008 14:26, Toby Murray wrote:
> On Sun, 2008-07-13 at 13:04 +0200, Rob Meijer wrote:
>> On Sun, July 13, 2008 11:37, Toby Murray wrote:
>> > Zooko, are tahoe "aliases" petnames for capabilities?
>> > That would appear to be the best way to go about providing a safe way
>> > for users to manage their capabilities.
>> This confuses me.
>> Wouldn't the ability to use petnames between entities imply a shared
>> scope? If so it would seem like the medicine would be worse than what it
>> is trying to cure.
>>From http://allmydata.org/trac/tahoe/browser/docs/CLI.txt?rev=2621
>> In fact, each tahoe node remembers a list of starting points, named
>> "aliases", in a file named ~/.tahoe/private/aliases . These aliases
>> are short strings that stand in for a directory read- or write- cap.
>> The default starting point uses an alias named "tahoe:".
> There is no sharing as such because these names are not used between
> entities, but only between the various tahoe tools being run by the same
> user.

Thank you for identifying the source of my confusion.

It is hard to structure my thinking  when talking in equal term about
systems that have 'entity' defined at different levels of granularity
and/or persistence.

Let s see if we can get the picture clear:

  System  |    Entity      |  Persistence
 Tahoe    |     user       |     yes
 Plash/   |    process     |      no
 Capdesk  |                |
 MinorFs  |    process     |     pseudo
MinorFs + |                |
persistent|    process     |      yes
language  |                |
 EROS/    |    process     |      yes
  etc     |                |

Have I got this picture right?
Geting this picture right is I think essential (at least to me)
in order to fully understand each other.


More information about the cap-talk mailing list