[cap-talk] More Heresey: ACLs not inherently bad
John Carlson
john.carlson3 at sbcglobal.net
Wed Sep 10 10:23:43 CDT 2008
On Sep 10, 2008, at 8:13 AM, John Carlson wrote:
>
> On Sep 10, 2008, at 8:09 AM, John Carlson wrote:
>
>>
>> On Sep 10, 2008, at 7:56 AM, John Carlson wrote:
>>
>>>
>>> On Sep 10, 2008, at 3:30 AM, Jonathan S. Shapiro wrote:
>>>
>>>> On Tue, 2008-09-09 at 20:30 -0700, Charles Landau wrote:
>>>>> Jed Donnelley wrote:
>>>>>> Sorry - I was clear on that. I shouldn't have included the leaf
>>>>>> object in the above <> (see below as to what I was thinking).
>>>>>> What
>>>>>> I don't understand is how such a directory-like object
>>>>>> distinguishes
>>>>>> between a fetch by the "new process" from a fetch by some other
>>>>>> process (old process). Are you imagining some Horton-like
>>>>>> mechanism
>>>>>> where the relevant processes get different capabilities to the
>>>>>> directory-like object so that the directory-like object can
>>>>>> distinguish the fetches?
>>>>>
>>>>> Each time you pass a different set of capabilities to a process,
>>>>> you
>>>>> construct a new directory-like object that will give access to
>>>>> that set.
>>>>> So in general, different processes will receive capabilities to
>>>>> different directory-like objects. It needn't use Horton.
>>>>
>>>> This is precisely the operation that is both performance
>>>> prohibitive and
>>>> (human) complexity prohibitive. It will turn out that humans
>>>> can't make
>>>> the necessary decisions to decide what goes in to those
>>>> directories.
>>>
>>> Perhaps the directory could be created based on a searches? What
>>> determines what can be searched, and does searching require
>>> ambient authority?
>>
In at least one document management system, MatrixOne, there is the
ability to create collections based on searches. However, MatrixOne
is ACL based. Perhaps one needs to solve the search problem when
faced with capabilities (what is reachable?). One may need to
determine what types of things are being searched: Files or Folders
or Objects or Classes. It seems likely that you will be able to find
most things on your desktop, or at least, in your home folder. So the
question is, how do you find stuff on the Internet? In order to
bootstrap communication, you need a searchable server. A directory
server. A directory server with a capability as a URI would be
sufficient?
John
More information about the cap-talk
mailing list