[cap-talk] Abstractions that subsume capabilities
Sandro Magi
naasking at higherlogics.com
Sun Mar 9 15:31:34 EDT 2008
Kevin Reid wrote:
> On Mar 9, 2008, at 13:00, Sandro Magi wrote:
>
>> There are other considerations, true. I would want the filesystem root
>> to be encapsulated within the monad, thus enabling more modular patterns
>> ("FileSystem" is a private namespace). I think this is a question of
>> modularity as much as access control. I imagine my structure would be
>> similar to yours, where the filesystem must be an explicit parameter
>> like your World.
>
> I think you're suggesting a dynamically scoped filesystem root. This
> is a bad idea because dynamic scope follows control flow rather than
> explicit authorization.

I'm suggesting a FileSystem is like an E directory, a private namespace,
and that a directory object can still perform getParent() operations.
There is no global FileSystem object, and no dynamic scoping. It's all
standard parameter passing. Something like:

    getDir: FileSystem -> String -> Directory
    chroot: Directory -> FileSystem
    getFile: Directory -> String -> File
    getParent: Directory -> Maybe Directory

Sandro
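
The four signatures in the message above, modelled as a small pure Haskell program to show that after chroot the new namespace offers no getParent path back out. This is an added example, not code from the post; Node, splitPath, depth and the Maybe-returning lookups are assumptions made for the illustration.

```haskell
-- Added illustration; Node, splitPath, depth and Maybe results are assumptions.
import qualified Data.Map as M

-- Constructed in-memory tree: subdirectories and file contents by name.
data Node = Node { subdirs :: M.Map String Node, files :: M.Map String String }

-- A FileSystem is a private namespace: a root node, never a global.
newtype FileSystem = FileSystem Node
newtype File = File String

-- A Directory holds its node plus the ancestors up to its own FileSystem root.
data Directory = Directory { here :: Node, ancestors :: [Node] }

splitPath :: String -> [String]
splitPath s = case break (== '/') s of
  (a, [])       -> [a | not (null a)]
  (a, _ : rest) -> [a | not (null a)] ++ splitPath rest

getDir :: FileSystem -> String -> Maybe Directory
getDir (FileSystem r) = foldl step (Just (Directory r [])) . splitPath
  where
    step md name = do
      Directory n ups <- md
      child <- M.lookup name (subdirs n)
      Just (Directory child (n : ups))

-- chroot keeps only the node: the ancestor chain, and with it any way
-- upward, is absent from the new namespace.
chroot :: Directory -> FileSystem
chroot = FileSystem . here

getFile :: Directory -> String -> Maybe File
getFile d name = File <$> M.lookup name (files (here d))

getParent :: Directory -> Maybe Directory
getParent (Directory _ [])       = Nothing
getParent (Directory _ (p : ps)) = Just (Directory p ps)

-- Number of getParent steps available from a directory.
depth :: Directory -> Int
depth = maybe 0 ((+ 1) . depth) . getParent

main :: IO ()
main = do
  let leaf = Node M.empty (M.fromList [("notes.txt", "hello")])
      home = Node (M.fromList [("alice", leaf)]) M.empty
      fs = FileSystem (Node (M.fromList [("home", home)]) M.empty)
      alice = getDir fs "home/alice"
      jailed = alice >>= \d -> getDir (chroot d) ""
  print (depth <$> alice, depth <$> jailed)
  print ((\(File c) -> c) <$> (jailed >>= \d -> getFile d "notes.txt"))
```

The same directory is reached both ways, but only the handle obtained through the original FileSystem carries ancestors; code given the chroot result alone can still read notes.txt and cannot climb.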