[cap-talk] Persistence as a cap value
James A. Donald
jamesd at echeque.com
Thu Mar 20 16:11:19 EDT 2008

James A. Donald:
>> So when the user invokes a project file, what should
>> happen, to ensure that all software must follow the
>> behavior that good software should follow, is that a
>> privileged and trusted program should open the programs
>> listed in the project file with capabilities to access
>> the files listed in the project file.

Sam Mason wrote:
> But how does the project file remember what permissions it has?

I have explained in specifics, and it did not seem to register, so now I
will once again try explaining in generalities:

What I have just described is a particular example of the powerbox user
interface pattern. That should answer your question. If it does not,
think again on the words "Powerbox user interface pattern".

The problem to be solved is deriving permissions from user intent,
ensuring that permissions correspond to user intent. The powerbox user
interface pattern is the solution to this problem. Capabilities need
to be transient, because user intent is transient. Capabilities are
primarily valuable as an implementation of the powerbox user interface
pattern, for the powerbox user interface pattern is a solution to the
virus and trojan problem, whereas other applications of capabilities
such as Horton are not in themselves a solution to this problem, but
only a solution as part of the powerbox user interface pattern.
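
Added example, not part of the original message: a small in-process simulation of the launcher described above, where a trusted function turns the paths named in a project file into open handles for each listed tool and closes them when the invocation ends. The project-file format, the function name powerbox_invoke and the two tools are hypothetical, and plain Python does not confine the tools, so a real system would also have to run them without ambient file access.

```python
import os
import tempfile

def powerbox_invoke(project, tools):
    """Trusted launcher, run when the user opens `project`.

    project: {tool_name: {label: (path, mode)}}  (hypothetical project-file format)
    tools:   {tool_name: callable(handles)}      (stand-ins for the listed programs)
    Only this function turns a path into an open file on the user's behalf.
    """
    results = {}
    for name, grants in project.items():
        handles = {}
        try:
            for label, (path, mode) in grants.items():
                handles[label] = open(path, mode)
            # The tool is handed open handles only, never paths or directories.
            results[name] = tools[name](handles)
        finally:
            # Transient grant: the authority ends with this invocation.
            for h in handles.values():
                h.close()
    return results

def demo():
    kept = []  # a handle the linter tries to hold on to after it returns

    def linter(files):
        kept.append(files["src"])
        return (files["src"].writable(), sorted(files))

    def formatter(files):
        text = files["src"].read()
        files["out"].write(text.strip() + "\n")
        return len(text)

    with tempfile.TemporaryDirectory() as d:
        src, out = os.path.join(d, "main.c"), os.path.join(d, "main.fmt.c")
        with open(src, "w") as f:
            f.write("  int main(void) { return 0; }  \n")
        project = {  # constructed sample project file
            "linter": {"src": (src, "r")},
            "formatter": {"src": (src, "r"), "out": (out, "w")},
        }
        results = powerbox_invoke(project, {"linter": linter, "formatter": formatter})
        with open(out) as f:
            written = f.read()
    return results, kept[0].closed, written
```

The project file here is only data naming programs and files; nothing in it stores a permission, and the handle the linter kept is already closed once the invocation returns.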