[cap-talk] Persistence as a cap value

James A. Donald jamesd at echeque.com
Thu Mar 20 16:29:18 EDT 2008


James A. Donald:
 >> A project file means that the user *decides* what
 >> goes into the project. It is a third form of the
 >> powerbox user interface pattern.
 >>
 >> Just as one needs trusted software for file
 >> selection, which grants capabilities to less trusted
 >> software, one similarly needs trusted software to
 >> manage a project file, which grants capabilities to
 >> less trusted software:  A project file typically
 >> consists of a list of files, and programs to be
 >> invoked accessing those files.  The programs to be
 >> invoked do not need to be trusted and do not need,
 >> and should not have, durable capabilities to access
 >> those files.
 >>
 >> So when the user invokes a project file, what should
 >> happen, to ensure that all software must follow the
 >> behavior that good software should follow, is that a
 >> privileged and trusted program should open the
 >> programs listed in the project file with capabilities
 >> to access the files listed in the project file.

Sandro Magi wrote:
 > This is exactly what I described. Powerbox session
 > state = your project file.

As I understood your proposal it does not necessarily
have trusted user interface for managing the list of
files, therefore powerbox session state does not
necessarily provide user control, or reliably reflect
user intent.  But perhaps by "powerbox", you implied the
powerbox user interface pattern.

The user should see and manage the list of files in a
standard interface that is the same for all the
different kinds of projects, much as the file open
dialog, and the software that brings up the file open
dialog, is the same for all the different kinds of
software, no matter what it intends to do with that
file.

In the bad old days, each program had its own unique
file open dialog.  We now realize this was wrong, that
each program should have the same file open dialog
brought up by the same software, but still today each
program that manages a group of files has its own
unique project management interface, which is just as
wrong, and just as much needs fixing.
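As an added illustration of the pattern argued for above (a trusted manager that opens the files listed in a project file and hands the listed, less-trusted programs only capabilities to those files, which it revokes when the session ends), here is a small Python model. It is not code from the cap-talk thread or from any powerbox implementation; the project-file syntax, the `FileCap`, `parse_project` and `run_project` names, and the in-process "programs" are assumptions made for this example.

```python
"""Added example: the "project file as powerbox" pattern in miniature.

The trusted part is run_project(): it parses the user-managed project file,
opens the listed files itself, and invokes the listed programs with nothing
but handles to those files. The programs never see a path and never get a
durable capability; the handles are revoked when the session ends.
"""
import tempfile
from pathlib import Path


class FileCap:
    """Read/write capability to one open file.

    Deliberately exposes no path and no way to reach other files. Once
    revoked, every operation raises PermissionError, so a program that
    squirrelled the object away cannot use it after the session.
    """

    def __init__(self, handle):
        self._h = handle

    def _live(self):
        if self._h is None:
            raise PermissionError("capability revoked")
        return self._h

    def read(self):
        h = self._live()
        h.seek(0)
        return h.read()

    def write(self, text):
        h = self._live()
        h.seek(0)
        h.truncate()
        h.write(text)
        h.flush()

    def _revoke(self):
        if self._h is not None:
            self._h.close()
        self._h = None


def parse_project(text):
    """Assumed project-file format: lines 'file <name>' or 'program <name>'.
    Blank lines and '#' comments are ignored; anything else is rejected."""
    files, programs = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, _, name = line.partition(" ")
        if kind == "file" and name:
            files.append(name)
        elif kind == "program" and name:
            programs.append(name)
        else:
            raise ValueError(f"unknown project entry: {line!r}")
    return files, programs


# Registry of less-trusted programs. Each receives only the capabilities
# the trusted manager chose to pass in (assumed in-process stand-ins for
# separately invoked executables).
PROGRAMS = {}


def program(name):
    def register(fn):
        PROGRAMS[name] = fn
        return fn
    return register


@program("word-count")
def word_count(caps):
    # Operates solely on what it was handed; no open(), no paths.
    return {name: len(cap.read().split()) for name, cap in caps.items()}


@program("uppercase")
def uppercase(caps):
    for cap in caps.values():
        cap.write(cap.read().upper())
    return None


def run_project(project_dir, project_text):
    """Trusted manager: open the project's files, run each listed program
    with those capabilities only, then revoke them unconditionally."""
    file_names, program_names = parse_project(project_text)
    caps = {
        n: FileCap(open(Path(project_dir) / n, "r+", encoding="utf-8"))
        for n in file_names
    }
    results = {}
    try:
        for p in program_names:
            results[p] = PROGRAMS[p](caps)
    finally:
        for cap in caps.values():
            cap._revoke()
    return results


def demo():
    """Constructed sample session: three files on disk, two in the project."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "notes.txt").write_text("alpha beta gamma", encoding="utf-8")
        Path(d, "todo.txt").write_text("one two", encoding="utf-8")
        Path(d, "other.txt").write_text("not in the project", encoding="utf-8")
        project = (
            "# project file, edited only through the trusted manager\n"
            "file notes.txt\nfile todo.txt\n"
            "program word-count\nprogram uppercase\n"
        )
        results = run_project(d, project)
        notes_after = Path(d, "notes.txt").read_text(encoding="utf-8")
        other_after = Path(d, "other.txt").read_text(encoding="utf-8")
        return results, notes_after, other_after


def revocation_holds():
    """True if a capability kept past the session can no longer be used."""
    import io
    cap = FileCap(io.StringIO("x"))
    cap._revoke()
    try:
        cap.read()
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print("revoked capability unusable:", revocation_holds())
```

The point of the model is where the decisions sit: the user edits the project file through one trusted interface, the manager translates that list into handles, and "other.txt" is untouched not because the programs were well behaved but because they were never given anything that could reach it.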


More information about the cap-talk mailing list