[cap-talk] search capability

John Carlson john.carlson3 at sbcglobal.net
Thu Sep 25 23:36:43 CDT 2008


We know that searches generally work across stuff with ambient  
authority, such as file systems and database tables.  A view defines a  
subset of the ambient authority, generally used with an ACL, to  
prevent the user from seeing parts of the table.  If the view  
definition or search keywords are wrapped  with a sealer/unsealer pair  
such that the search service seals the capability and unseals it as  
well, is this still viewed as a pure capability system, or is it  
viewed as a bastard capability system?  If search terms aren't  
transmitted in the capability, must one create a folder or document  
with the results, and share that instead?  Does a system like CapDesk  
(which if someone could send me the install script again, I will put  
it on my macintosh) or allmydata support sharing of search results  
like this?

Or is a search capability not even in the domain of capability  
theory?  I am thinking that search produces capabilities from  
reachable nodes, that can then be shared in a folder of nodes.  Should  
a folder ever  be defined by a search?

Thanks,

John Carlson


More information about the cap-talk mailing list