Ka-Ping Yee wrote:
On Sat, 8 Mar 2003, Ben Laurie wrote:
c) Wrap or replace some of the existing libraries, certify that others are "safe"
This should only be necessary for (core and 3rd party) extension modules. The rexec module has a framework for this.
It looks to me like a and b are shared with proxies, and c would be different, by definition. Is there anything else? Am I on the wrong track?
I don't know why you think (c) is different.
Because with proxies you'd wrap with proxies, and with capabilities you'd wrap with capabilities. Or do you think there's a way that would work for both (which would, of course, be great)?
This doesn't make any sense to me. The standard libraries would provide proxy wrappers in either caes. The rexec vs. proxy issue doesn't enter into it.
We've got too much overloading here! I meant "proxy" as in "Zope proxy". Yes, in either case they'll be wrapped in some kind of (non-Zope) proxy, but the actual wrapper would be different.
By the way -- to avoid confusion between "proxies used to wrap unrestricted objects in order to make them into secure objects" and "proxies used to reduce the interface of an existing secure object", let's call the first "proxy" (as has been used in the "rexec vs. proxy" discussion so far), and call the second a "facet" (which is the term commonly used when capabilities people talk about reducing an interface). We often talk about providing, say, a "read-only facet" on an object.
This would be more applicable to an object-based capability model, which Jim and Guido seem to favour.
In fact, perhaps it would be nicest to be able to do both - i.e. bound methods _and_ opaque objects.
Then we'd all be happy.