[Python-Dev] capability-mediated modules
Tue, 18 Mar 2003 13:01:05 -0500
"Phillip J. Eby" <email@example.com> wrote:
> There's a *much* simpler way to do this. 'import' is implemented by
> calling an '__import__' function -- which of course is a capability. To do
> mediated imports, it's only necessary to supply a mediating version of
> '__import__'. One also needs a specialized version of '__import__' to set
> up a newly imported module's builtins.
I'm aware of this feature, but I was groping for a more elegant (and more
capability-flavored) way to do it.
As far as I can tell, the technique you describe is the "policy mini-language"
way to implement access control. If I want a certain chunk of code to have
access to a certain module, I set the policy with an overridable handler or a
configuration object, specifying that this code is allowed to have access to
this module, and then I invoke the code.
This is analogous to "restricted Python v2"'s way of controlling access to
certain resources in this e-mail message .
If I change my mind about how the code should work, I have to make changes in
two places: first the part of the code that says "import spam" has to change to
say "import eggs", and second the policy configuration has to change from
"suchandsuch is allowed to import spam" to "suchandsuch is allowed to import
In a pure capability language like E, whenever a module is imported it comes
into life without permission to do anything, and then the importer grants it
permission to do whatever it needs to do (by passing references). This is more
like "restricted Python v3" in that designating which module the code ought to
use, and authorizing the code to use that module, are both done in the same act
(by passing a reference to the module in question).
There is a description with examples in the "E in a Walnut" book .
^-- under re-construction: some new stuff, some broken links