[cap-talk] Implementing attenuated delegation

[Baldur Johannsson]

H'lo David

How general do you want the attenuated delegation?

Filtering, only allow messages through with spefic selectors
(Smalltalk terminology).

Caretaker, allowing attenuation in time until revoked via the
revocation facet of the caretaker.

Membrane versions of above. (All object-refs passed in a message point
to a filter or caretaker for the object that actuall object-refs were
included in the message before the membrane)

Are you fine with allowing anyone to instanciate a evaluator (with
SafeEnv or such (E terminiology)) at that vat/tub/host of the thing
that access is being delegated to?

Then there is the question on if you want to offer offline delegation
or online only. (That is, if you wanted to delegate an attenuated
authority to your friend do you have to first contact the vat/tub/host
that backs the thing you are delegating access to or not?)

The simplest but most limited attenuation is filtering delegated
online. (Basicly you tell the vat/tub/host "Hey make a filter for
<object-ref to the delegated thing> which only allows <list of method
selectors> kind of messages through and give me the object-ref to it")

With kind regards.
-Baldur Jóhannsson.

PS. I apologize for any grammatical or spelling errors that I might
have made in above.