Walnut/Appendix
Appendix
Quick Reference Card
The Quick Reference Card can be seen here.
The Meaning Of "Authority"
E does not attempt to control computing resources such as memory and disk space, so within E, allocating such resources is not considered conveying a controlled authority. Objects which are transparent and transitively immutable (i.e., deep frozen) are considered to convey no authority. Strings, integers, ConstLists, ConstMaps, and eMakers all meet these criteria (though the elements of a ConstList, and the objects made by an eMaker, may very well convey authority).
Miranda Methods
respondsTo etc.
yourself used to get reliable "broken" behavior when sending to local object
the "opt" prefix for optional, substitute for get if null returnable
Are return objects that don't meet the guard simply coerced to null? Warn the developer that it won't raise an exception; this could be a source of a null value.
must rethrow the catch clause if using the promise coming out of when done
"bind" is now a standalone verb, no "def" needed.
In Walnut, talk about printOn(stream), and use it in examples. In the security section, note that it must use the guard printOn(out :TextWriter). Remember that printOn reveals whatever you put on out. The other way to be safe is to print the objects on the way to constructing what gets printed, as in
"" + x
or
`$x`
Also, `$\n` is a newline now.
Further Reading
- comes to dinner
- to capability based security
- Norm Hardy Security Pages: ????
- E Home page
- Pet Name paper
- Ode
AHK: There's also the scalability issue with ACLs. My door, CD cabinet, and gun vault all need to know who to let in. Any change has to be communicated to all of them in a timely manner. This becomes hard as the number of users and control points goes up. Here's the way I describe it.
One essential difference between capabilities and ACLs is that the former relates to a role and the latter to an identity. Here's an example from real life.
Zebra Copy, a small business in Palo Alto and Cupertino, does business with HP. Some 2,000 HP employees are permitted to order work from them. The system in place uses ACLs, so Zebra Copy has a database of HP employees and what each is allowed to do. Every time an employee changes roles, HP must notify Zebra Copy, and they must update their database. HP has some 20,000 such business partners, and Zebra Copy has several hundred companies it does business with. What a nightmare. I thought the person describing this to me was joking.
If capabilities were used, life would be much simpler. Zebra Copy would give HP a capability for each access right. It would be up to HP to manage those capabilities. When someone at HP changed jobs, it would be HP's responsibility to make sure that the capability was transferred properly. Should a capability be stolen or misused, HP would be responsible until it notified Zebra Copy to revoke it. Zebra Copy would need only keep one set of capabilities for each contract; HP would not need to keep suppliers informed of personnel changes.
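The arrangement described in the comment above, as an added example that is not part of the original page or of AHK's comment: a JavaScript sketch (not E) of revocable capabilities in the caretaker style, where the supplier keeps one record per contract and the customer handles its own personnel changes. All names (`makeRevocable`, `makeShop`, the `HP-posters` contract id) are hypothetical and the scenario is constructed.

```javascript
// Added illustration; every name here is hypothetical.

// Caretaker: returns a forwarder to `target` plus a separate revoker.
// Whoever holds `revoke` can cut off every holder of `cap` at once.
function makeRevocable(target) {
  let live = target;
  const cap = (...args) => {
    if (live === null) throw new Error('revoked');
    return live(...args);
  };
  const revoke = () => { live = null; };
  return Object.freeze({ cap, revoke });
}

// Supplier side: one record per contract, none per customer employee.
function makeShop() {
  const contracts = new Map();             // contract id -> revoker
  return Object.freeze({
    issue(id, job) {
      const { cap, revoke } = makeRevocable((copies) => `${copies} x ${job} [${id}]`);
      contracts.set(id, revoke);           // the shop keeps the revoker
      return cap;                          // the customer gets only the capability
    },
    revoke(id) { contracts.get(id)(); contracts.delete(id); },
    recordCount() { return contracts.size; },
  });
}

// Constructed scenario: the customer re-delegates per employee with its
// own caretakers, so a job change never reaches the supplier.
function runScenario() {
  const zebra = makeShop();
  const hpCap = zebra.issue('HP-posters', 'poster');
  const alice = makeRevocable(hpCap);      // HP's internal delegation
  const first = alice.cap(10);
  alice.revoke();                          // Alice changes jobs: HP acts alone
  const bob = makeRevocable(hpCap);
  const second = bob.cap(5);
  const shopRecords = zebra.recordCount(); // the shop's table is unchanged
  let aliceAfter, bobAfter;
  try { alice.cap(1); } catch (e) { aliceAfter = e.message; }
  zebra.revoke('HP-posters');              // HP has asked the shop to revoke
  try { bob.cap(1); } catch (e) { bobAfter = e.message; }
  return { first, second, shopRecords, aliceAfter, bobAfter };
}
```

The same `makeRevocable` helper serves both layers: the shop uses it once per contract, and the customer uses it once per employee without the shop ever seeing those wrappers.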