[Python-Dev] Re: Capabilities

Ben Laurie ben@algroup.co.uk
Mon, 10 Mar 2003 14:03:28 +0000

Ka-Ping Yee wrote:
> On Sat, 8 Mar 2003, Ben Laurie wrote:
>>>>c) Wrap or replace some of the existing libraries, certify that others
>>>>are "safe"
>>>This should only be necessary for (core and 3rd party) extension
>>>modules.  The rexec module has a framework for this.
>>>>It looks to me like a and b are shared with proxies, and c would be
>>>>different, by definition. Is there anything else? Am I on the wrong track?
>>>I don't know why you think (c) is different.
>>Because with proxies you'd wrap with proxies, and with capabilities
>>you'd wrap with capabilities. Or do you think there's a way that would
>>work for both (which would, of course, be great)?
> This doesn't make any sense to me.  The standard libraries would provide
> proxy wrappers in either caes.  The rexec vs. proxy issue doesn't enter
> into it.

We've got too much overloading here! I meant "proxy" as in "Zope proxy". 
Yes, in either case they'll be wrapped in some kind of (non-Zope) proxy, 
but the actual wrapper would be different.

> By the way -- to avoid confusion between "proxies used to wrap
> unrestricted objects in order to make them into secure objects" and
> "proxies used to reduce the interface of an existing secure object",
> let's call the first "proxy" (as has been used in the "rexec vs. proxy"
> discussion so far), and call the second a "facet" (which is the term
> commonly used when capabilities people talk about reducing an interface).
> We often talk about providing, say, a "read-only facet" on an object.

This would be more applicable to an object-based capability model, which 
Jim and Guido seem to favour.

In fact, perhaps it would be nicest to be able to do both - i.e. bound 
methods _and_ opaque objects.

Then we'd all be happy.



http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff