[Python-Dev] new security doc using object-capabilities

[Greg Ewing]

Phillip J. Eby wrote:

> When I say "name checker" I mean the Zope type that allows you to specify a 
> list of names that are allowed for a given object.  This allowing is not 
> based on identity or code signing or anything like that.  It's just a list 
> of attribute names: i.e. a capability mask over an existing object.

But this is backwards from what a true object-capability
system should be like if it's properly designed. Instead
of starting with too-powerful objects and trying to
hide some of their powers, the different powers should
be separated into different objects in the first place.

It sounds to me like Zope is using the approach it's
using because it's having to work with Python as it
currently is, not because its approach is the best one.

--
Greg