[cap-talk] when is the end of copy and paste from the web browser
dmbarbour at gmail.com
Tue Dec 6 14:53:34 PST 2011
On Tue, Dec 6, 2011 at 2:09 PM, Jonathan S. Shapiro <shap at eros-os.org>wrote:
> The other thing that humans seem to have trouble with is consequence
> arising from transitivity. The main tool I know about for managing and
> bounding that is membranes of one form or another.
Scenarios not well covered by existing security patterns involve
time-varying security policies, i.e. where an administrator or user is
adjusting security policy in a live system. It seems easy to `grandfather`
capabilities - i.e. capabilities can exist in the system that are
impossible to acquire according to the current body of code. Grokking the
consequences of grandfathered capabilities proved to be a huge hassle.
I ended up embedding an implicit revocation membranes in the language
semantics, triggered by my reactive semantics: in order for a capability
grant to remain valid, I must continue to be grant it over time. A nice
consequence is that this results in a far more declarative and RESTful
Anyhow, you could include "the past" with things humans tend to be fuzzy on.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cap-talk