[Python-Dev] Re: Capabilities
Mon, 10 Mar 2003 14:03:28 +0000
Ka-Ping Yee wrote:
> On Sat, 8 Mar 2003, Ben Laurie wrote:
>>>>c) Wrap or replace some of the existing libraries, certify that others
>>>This should only be necessary for (core and 3rd party) extension
>>>modules. The rexec module has a framework for this.
>>>>It looks to me like a and b are shared with proxies, and c would be
>>>>different, by definition. Is there anything else? Am I on the wrong track?
>>>I don't know why you think (c) is different.
>>Because with proxies you'd wrap with proxies, and with capabilities
>>you'd wrap with capabilities. Or do you think there's a way that would
>>work for both (which would, of course, be great)?
> This doesn't make any sense to me. The standard libraries would provide
> proxy wrappers in either case. The rexec vs. proxy issue doesn't enter
> into it.
We've got too much overloading here! I meant "proxy" as in "Zope proxy".
Yes, in either case they'll be wrapped in some kind of (non-Zope) proxy,
but the actual wrapper would be different.
> By the way -- to avoid confusion between "proxies used to wrap
> unrestricted objects in order to make them into secure objects" and
> "proxies used to reduce the interface of an existing secure object",
> let's call the first "proxy" (as has been used in the "rexec vs. proxy"
> discussion so far), and call the second a "facet" (which is the term
> commonly used when capabilities people talk about reducing an interface).
> We often talk about providing, say, a "read-only facet" on an object.
This would be more applicable to an object-based capability model, which
Jim and Guido seem to favour.
In fact, perhaps it would be nicest to be able to do both - i.e. bound
methods _and_ opaque objects.
Then we'd all be happy.
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff