[e-lang] Fwd: Capability Systems and Concurrency
erights at gmail.com
Tue Mar 4 00:23:40 EST 2008
6 of 6
---------- Forwarded message ----------
From: Kris Zyp <kzyp at sitepen.com>
Date: Mon, Mar 3, 2008 at 7:49 PM
Subject: Re: Capability Systems and Concurrency
To: Mark Miller <erights at gmail.com>
Cc: Kevin Reid <kpreid at mac.com>
Thanks for explanations, I understand much better now. A few other comments
>> particularly interesting to intersect with capability-based security.
> Indeed! One of the issues the Caja project is currently wrestling with
> is what to do about persistence.
Yes, I would love to collaborate on some of this stuff, I will join the Caja
discussion group, so I can start listening in on the discussions.
Interestingly, AFAIK, Caja and Persevere are the two most extensive
rewriting of property access in order to monitor property changes to achieve
orthogonal persistence, and detect lazy loaded property access, and does
translation to facilitate continuations (based on Narrative
asynchronous XHR transparently. And from what I understand Caja does some
similar property access rewriting.
>> could allow less-trusted sources to store functions, and their
>> could be appropriately limited.
> I don't understand this. Can you expand?
This is really no different than the general goal of capability-based
system, untrusted code should only be given as much capability as necessary.
With my project the untrusted code can simply be persisted as well. In
Persevere, I have adopted a persistence strategy similar to that used by
some Smalltalk and Lisp implementations, where application data (objects)
and program code (functions) are not differentiated in their ability to be
chains, methods, et al) into the central persistent store on the server.
Persevere also implements security that can be defined for any set of
objects, and a set of objects can locally managed by user/group without
requiring access to rest of the persisted object graph. However, I can't
truly allow full access to persisting functions to users that have limited
priviledges. Right now, I only allow full system-wide superusers access to
with capability-based limits as in Caja or ADsafe, I could safely allow
functions to be persisted as long as they are properly limited in their
> May I forward this correspondence to e-lang
> <http://www.eros-os.org/mailman/listinfo/e-lang> and
> <http://groups.google.com/group/google-caja-discuss>? Thanks.
Yes, absolutely, consider my text public domain as well ;).
Text by me above is hereby placed in the public domain
More information about the e-lang