[e-lang] [cap-talk] Non-Delegatable Authorities in Capability Systems
Toby Murray
toby.murray at comlab.ox.ac.uk
Wed Dec 12 21:42:18 EST 2007
On Thu, 2007-12-13 at 02:23 +0000, Toby Murray wrote:
> The property that I'm after is that, when A invokes B, that B always has
> the final say about the results returned to A.
>
> At first glance, it appears that one needs to disallow (at least) the
> keywords
>
> method
> escape
Oops. I forgot to mention that one would also want to disallow use of
names defined by the expansion rules. The obvious one that comes to mind
is, of course, '__return'.
>
> and stipulate that each vat runs a single turn only (in order to cover
> the case you pointed out in which one delegates a resolver and returns
> the corresponding promise).
>
> Would that be enough?
Would this, now, be enough to enforce the property?