Eric Jacobs
> The trick would be having a way to store these handles persistently.
> Taken directly, that would mean that the run-time state of the all of
> the servers would have to be saved also, along with the connections,
> and that way all of the handles would be known to valid and secure. Now
> I think I see why capabilties and persistence go together in an OS.
>
> Also, the ability to embed a reference to a connection in a file (a
> "portal" as someone I think on this list called them) would be really
> nifty. That way we could avoid a lot of the nonsense regarding naming
> and placement of files (a lively discussion we had about that on this
> list, I remember.)
Yup. Except that Prometheus is object-oriented so Portals are genuine
classes (I'm even thinking of allowing new classes to be defined at
/runtime/). Like all Links in Prometheus, Portals are bidirectional.
Actually, portals are implemented as matched pairs of Links, one in
each OS component, where the 'outer' link in each pair is class Portal
and the 'inner' is class HardLink. Each Portal contains instructions
to the HardLink in the other component; which it uses to redirect any
message it receives. So in each component, you only have a single Portal
and HardLink pair but users who send messages to a Portal see them
emerge from the other Portal in the other OS component. It also means
that each Component is responsible for implementing security (the Hard-
Links keep track of permissions) on any message it receives even though
the semantics dictates that the Portals themselves are supposed to
implement security; to the user, it sure looks like that's going on!
You know, until now I never quite understood what capabilities-based
security was (except the rather dumb idea of passing encrypted tokens).
Of course, I couldn't even imagine what an object-oriented OS was until
I realized that's what I'd designed. :-)
-- No individual gets up and says, I'm going to take this because I want it. He'd say, I'm going to take it because it really belongs to me and it would be better for everyone if I had it. It's true of children fighting over toys. And it's true of governments going to war. Nobody is ever involved in an aggressive war; it's always a defensive war--on both sides. -- Noam Chomsky, interview with Tor Wennerberg on moralityReceived on Wed Mar 31 23:29:48 1999
This archive was generated by hypermail 2.1.8 : Thu Sep 22 2005 - 15:12:56 PDT