Walnut/Appendix
From Erights
(→Further Reading) |
m (Reverted edits by 221.13.32.99 (Talk); changed back to last version by Zarutian) |
||
(4 intermediate revisions not shown) | |||
Line 1: | Line 1: | ||
+ | [[Category:Walnut|8]] | ||
+ | |||
==Appendix== | ==Appendix== | ||
Line 7: | Line 9: | ||
===The Meaning Of "Authority"=== | ===The Meaning Of "Authority"=== | ||
- | E does not attempt to control computing resources such as memory and disk space, so inside the context of | + | E does not attempt to control computing resources such as memory and disk space, so inside the context of '''''E''''', it is not considered a conveying of a controlled authority if such compute resources are allocated. Objects which are transparent and [[transitively immutable]] (i.e., ''[[DeepFrozen|deep frozen]]'') are considered to convey no authority. [[String]]s, [[integer]]s, [[ConstList]]s, [[ConstMap]]s, and [[emakers|eMaker]] all meet these criteria (though the elements of a ConstList, and the objects made by an eMaker, may very well convey authority). |
===Miranda Methods=== | ===Miranda Methods=== | ||
Line 19: | Line 21: | ||
<font color="#ff0000">Are return objects that don't meet the guard simply coerced to null? warn developer that it won't raise an exception, this could be a source of a null value</font> | <font color="#ff0000">Are return objects that don't meet the guard simply coerced to null? warn developer that it won't raise an exception, this could be a source of a null value</font> | ||
- | + | <font color="#ff0000"> must rethrow the catch clause if using the promise coming out of when done</font> | |
- | <font color="#ff0033">"bind" is now a standalone verb, no "def" needed.</font | + | <font color="#ff0033">"bind" is now a standalone verb, no "def" needed.</font> |
- | <font color="#ff0033">in walnut,</font> | + | <font color="#ff0033">in walnut,</font> |
+ | |||
+ | <font color="#ff0033"> talk about printOn(stream), and use it in examples. In security section, note that it must use guard printOn(out :TextWriter). remember that printon reveals whatever you put on out. the other way to be safe is to print the objects on the way to constructing what gets printed, as in </font> | ||
+ | |||
+ | <font color="#ff0033"> "" + x</font> | ||
+ | |||
+ | <font color="#ff0033"> or </font> | ||
+ | |||
+ | <font color="#ff0033"> `$x`</font><br /><br /><font color="#ff0033"> also,</font> | ||
+ | |||
+ | <font color="#ff0033"> `$\n` is a newline now</font> | ||
===Further Reading=== | ===Further Reading=== | ||
Line 34: | Line 46: | ||
* Ode | * Ode | ||
- | AHK: There's also the scalability issue with ACLS. My door, CD cabinet, and gun vault all need to know who to let in. Any change has to be communicated to all of them in a timely manner. This becomes hard as the number of users and control points goes up. Here's the way I describe it. | + | AHK: There's also the scalability issue with ACLS. My door, CD cabinet, and gun vault all need to know who to let in. Any change has to be communicated to all of them in a timely manner. This becomes hard as the number of users and control points goes up. Here's the way I describe it. |
+ | |||
+ | One essential difference between capbilities and ACLs is that the former relates to a role and the latter to an identity. Here's an example from real life: [[Zebra Copy]]. | ||
===eDesk Example=== | ===eDesk Example=== |
Latest revision as of 15:55, 19 December 2008
Contents |
Appendix
Quick Reference Card
The Quick Reference Card can be seen here.
The Meaning Of "Authority"
E does not attempt to control computing resources such as memory and disk space, so inside the context of E, it is not considered a conveying of a controlled authority if such compute resources are allocated. Objects which are transparent and transitively immutable (i.e., deep frozen) are considered to convey no authority. Strings, integers, ConstLists, ConstMaps, and eMaker all meet these criteria (though the elements of a ConstList, and the objects made by an eMaker, may very well convey authority).
Miranda Methods
respondsTo etc.
yourself used to get reliable "broken" behavior when sending to local object
the "opt" prefix for optional, substitute for get if null returnable
Are return objects that don't meet the guard simply coerced to null? warn developer that it won't raise an exception, this could be a source of a null value
must rethrow the catch clause if using the promise coming out of when done
"bind" is now a standalone verb, no "def" needed.
in walnut,
talk about printOn(stream), and use it in examples. In security section, note that it must use guard printOn(out :TextWriter). remember that printon reveals whatever you put on out. the other way to be safe is to print the objects on the way to constructing what gets printed, as in
"" + x
or
`$x`
also,
`$\n` is a newline now
Further Reading
- Satan comes to dinner
- Introduction to capability based security
- Norm Hardy Security Pages: ????
- E Home page
- Pet Name paper
- Ode
AHK: There's also the scalability issue with ACLS. My door, CD cabinet, and gun vault all need to know who to let in. Any change has to be communicated to all of them in a timely manner. This becomes hard as the number of users and control points goes up. Here's the way I describe it.
One essential difference between capbilities and ACLs is that the former relates to a role and the latter to an identity. Here's an example from real life: Zebra Copy.