On Sat, 8 Mar 2003, Ben Laurie wrote:
c) Wrap or replace some of the existing libraries, certify that others are "safe"
This should only be necessary for (core and 3rd party) extension modules. The rexec module has a framework for this.
It looks to me like a and b are shared with proxies, and c would be different, by definition. Is there anything else? Am I on the wrong track?
I don't know why you think (c) is different.
Because with proxies you'd wrap with proxies, and with capabilities you'd wrap with capabilities. Or do you think there's a way that would work for both (which would, of course, be great)?
This doesn't make any sense to me. The standard libraries would provide proxy wrappers in either caes. The rexec vs. proxy issue doesn't enter into it.
By the way -- to avoid confusion between "proxies used to wrap unrestricted objects in order to make them into secure objects" and "proxies used to reduce the interface of an existing secure object", let's call the first "proxy" (as has been used in the "rexec vs. proxy" discussion so far), and call the second a "facet" (which is the term commonly used when capabilities people talk about reducing an interface). We often talk about providing, say, a "read-only facet" on an object.