[E-Lang] MintMaker with ACLs

Marc Stiegler marcs@skyhunter.com
Mon, 29 Jan 2001 13:15:03 -0700

> It seems that to go down this route we need to look at the E program
> in terms of who the parties are who are using it, and what their trust
> relationships are.  This aspect often seems to me to be concealed
> rather than revealed by the structure of E programs like the MintMaker.
> Perhaps this is due to my inexperience with the language.

I suspect that a significant part of the "concealment" sensation is indeed
inexperience. I remember having a fuzzy feeling, the first time I saw the
Mintmaker, that might be described in the terms you have used here, for not
being able to get a handle on the trust relationships. Understand that I saw
the MintMaker for the first time before ever writing my first E program,
when virtually no documentation of the language existed, and virtually no
other examples had been written either, so I was in at least as bad a boat
as you are :-)

Looking at the MintMaker now, it is now all clear to me. I believe that the
same experience-transition that now allows me to architect peer-to-peer
secure mutual suspicion systems and have the security relationships
approximately correct the first time, is the same one that allows me to read
the MintMaker easily. The closest I can come to explaining it is, I always
look at interfaces through trust-boundary-questioning eyes, and see what is
crossing over. A very poor explanation, but it is the best I can offer :-)