Walnut/Appendix

From Erights

(Difference between revisions)
Jump to: navigation, search
(moved Zebra Copy to separate page, partially wikify)
Line 9: Line 9:
===The Meaning Of "Authority"===
===The Meaning Of "Authority"===
-
E does not attempt to control computing resources such as memory and disk space, so inside the context of <span class="e">''E''</span>, it is not considered a conveying of a controlled authority if such compute resources are allocated. Objects which are transparent and transitively immutable (i.e., ''deep frozen'') are considered to convey no authority. Strings, integers, ConstLists, ConstMaps, and eMakers all meet these criteria (though the elements of a ConstList, and the objects made by an eMaker, may very well convey authority).
+
E does not attempt to control computing resources such as memory and disk space, so inside the context of '''''E''''', it is not considered a conveying of a controlled authority if such compute resources are allocated. Objects which are transparent and [[transitively immutable]] (i.e., ''[[deep frozen]]'') are considered to convey no authority. [[String]]s, [[integer]]s, [[ConstList]]s, [[ConstMap]]s, and [[emakers|eMaker]] all meet these criteria (though the elements of a ConstList, and the objects made by an eMaker, may very well convey authority).
===Miranda Methods===
===Miranda Methods===
Line 21: Line 21:
<font color="#ff0000">Are return objects that don't meet the guard simply coerced to null? warn developer that it won't raise an exception, this could be a source of a null value</font>
<font color="#ff0000">Are return objects that don't meet the guard simply coerced to null? warn developer that it won't raise an exception, this could be a source of a null value</font>
-
<br /><font color="#ff0000"> must rethrow the catch clause if using the promise coming out of when done</font>
+
<font color="#ff0000"> must rethrow the catch clause if using the promise coming out of when done</font>
-
<font color="#ff0033">"bind" is now a standalone verb, no "def" needed.</font><br />
+
<font color="#ff0033">"bind" is now a standalone verb, no "def" needed.</font>
-
<font color="#ff0033">in walnut,</font><br /><br /><font color="#ff0033"> talk about printOn(stream), and use it in examples. In security section, note that it must use guard printOn(out :TextWriter). remember that printon reveals whatever you put on out. the other way to be safe is to print the objects on the way to constructing what gets printed, as in </font><br /><br /><font color="#ff0033"> "" + x</font><br /><font color="#ff0033"> or </font><br /><font color="#ff0033"> `$x`</font><br /><br /><font color="#ff0033"> also,</font><br /><br /><font color="#ff0033"> `$\n` is a newline now</font>
+
<font color="#ff0033">in walnut,</font>
 +
 
 +
<font color="#ff0033"> talk about printOn(stream), and use it in examples. In security section, note that it must use guard printOn(out :TextWriter). remember that printon reveals whatever you put on out. the other way to be safe is to print the objects on the way to constructing what gets printed, as in </font>
 +
 
 +
<font color="#ff0033"> "" + x</font>
 +
 
 +
<font color="#ff0033"> or </font>
 +
 
 +
<font color="#ff0033"> `$x`</font><br /><br /><font color="#ff0033"> also,</font>
 +
 
 +
<font color="#ff0033"> `$\n` is a newline now</font>
===Further Reading===
===Further Reading===
Line 36: Line 46:
* Ode
* Ode
-
AHK: There's also the scalability issue with ACLS. My door, CD cabinet, and gun vault all need to know who to let in. Any change has to be communicated to all of them in a timely manner. This becomes hard as the number of users and control points goes up. Here's the way I describe it. <br /><br /> One essential difference between capbilities and ACLs is that the former relates to a role and the latter to an identity. Here's an example from real life.<br /><br /> Zebra Copy, a small business in Palo Alto and Cupertino, does business with HP. Some 2,000 HP employees are permitted to order work from them. The system in place uses ACLs, so Zebra Copy has a database of HP employees and what each is allowed to do. Every time an employee changes roles, HP must notify Zebra Copy, and they must update their database. HP has some 20,000 such business partners, and Zebra Copy has several hundred companies it does business with. What a nightmare. I thought the person describing this to me was joking.<br /><br /> If capabilities were used, life would be much simpler. Zebra Copy would give HP a capability for each access right. It would be up to HP to manage those capabilities. When someone at HP changed jobs, it would be HP's responsibility to make sure that the capability was transferred properly. Should a capability be stolen or misused, HP would be responsible until it notified Zebra Copy to revoke it. Zebra Copy would need only keep one set of capabilities for each contract; HP would not need to keep suppliers informed of personnel changes.<br />
+
AHK: There's also the scalability issue with ACLS. My door, CD cabinet, and gun vault all need to know who to let in. Any change has to be communicated to all of them in a timely manner. This becomes hard as the number of users and control points goes up. Here's the way I describe it.  
 +
 
 +
One essential difference between capbilities and ACLs is that the former relates to a role and the latter to an identity. Here's an example from real life: [[Zebra Copy]].
===eDesk Example===
===eDesk Example===

Revision as of 19:09, 31 December 2006


Contents

Appendix

Quick Reference Card

The Quick Reference Card can be seen here.

The Meaning Of "Authority"

E does not attempt to control computing resources such as memory and disk space, so inside the context of E, it is not considered a conveying of a controlled authority if such compute resources are allocated. Objects which are transparent and transitively immutable (i.e., deep frozen) are considered to convey no authority. Strings, integers, ConstLists, ConstMaps, and eMaker all meet these criteria (though the elements of a ConstList, and the objects made by an eMaker, may very well convey authority).

Miranda Methods

respondsTo etc.

yourself used to get reliable "broken" behavior when sending to local object

the "opt" prefix for optional, substitute for get if null returnable

Are return objects that don't meet the guard simply coerced to null? warn developer that it won't raise an exception, this could be a source of a null value

must rethrow the catch clause if using the promise coming out of when done

"bind" is now a standalone verb, no "def" needed.

in walnut,

talk about printOn(stream), and use it in examples. In security section, note that it must use guard printOn(out :TextWriter). remember that printon reveals whatever you put on out. the other way to be safe is to print the objects on the way to constructing what gets printed, as in

"" + x

or

`$x`

also,

`$\n` is a newline now

Further Reading

AHK: There's also the scalability issue with ACLS. My door, CD cabinet, and gun vault all need to know who to let in. Any change has to be communicated to all of them in a timely manner. This becomes hard as the number of users and control points goes up. Here's the way I describe it.

One essential difference between capbilities and ACLs is that the former relates to a role and the latter to an identity. Here's an example from real life: Zebra Copy.

eDesk Example

Web Server Example

Safe Classes, Unsafe Classes, and Suppressed Methods

Personal tools
more tools