The Sphere Security Model.

Lex Spoon lex at cc.gatech.edu
Sun Apr 27 07:32:05 UTC 2003


Alan Grimes <alangrimes at starpower.net> wrote:

SPHERE
  FOO
     BAR
  BAZ
     BAT

> We reach in and start a thread in FOO. Its environment is whatever
> services are available within FOO ( in this case, objects and methods).
> This environment also includes objects and methods inherited from
> SPHERE as well as objects and methods _PUBLISHED_ by BAR and BAZ. FOO
> has no direct access to anything in BAT. 

It sounds like you could also use a capabilities model, if you wanted. 
The way you'd do it is to allow a sphere to be referenced from outside,
but only if someone who has access to the sphere has passed out the
reference.  For example, BAZ could pass to FOO a reference to BAT, and
then FOO could walk into the BAT as well.

A reason this may be useful is if BAT is really a stripped down version
of BAZOINKA:

SPHERE
  FOO
     BAR
  BAZ
     BAT
     BAZOINKA


BAZ doesn't want to give out direct access to BAZOINKA, so it created
BAT on a request from FOO that gives just a little of the power of
BAZOINKA.  Maybe BAZOINKA is a directory and BAT is a file in that
directory.


Just a thought.  I certainly haven't digested your design at this point,
but wanted to mention this little bit.  I hope you stick with your
efforts on system and language design.  It sounds like fun, and
something really great could come out of it!  Once you've got your ideas
down, though, be sure and check with works by other designers.  Have you
looked at the two History of Programming Languages volumes published by
ACM?  You'd love them, if you haven't seen them already!



Lex
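
The capability idea from the message above, sketched as an added JavaScript example that is not part of the original post or of Squeak: BAZ keeps BAZOINKA (a directory) private and passes FOO only BAT (a read-only view of one file). The function names, the file names and the rule that only `notes.txt` may be shared are assumptions made for illustration.

```javascript
// Added illustration: function and file names are hypothetical;
// the sphere names (FOO, BAZ, BAT, BAZOINKA) come from the thread.

// BAZOINKA: a directory. Its file table lives in a closure, so the only
// way to touch it is through the methods on the returned object.
function makeDirectory(initialFiles) {
  const files = new Map(Object.entries(initialFiles));
  return Object.freeze({
    list: () => [...files.keys()],
    read(name) {
      if (!files.has(name)) throw new Error(`no such file: ${name}`);
      return files.get(name);
    },
    write(name, data) { files.set(name, data); },
  });
}

// BAT: a stripped-down view of one file. It closes over the directory but
// has no method that returns it, so a holder of BAT cannot climb back up.
function makeFileView(directory, name) {
  directory.read(name);                      // fail early if the file is missing
  return Object.freeze({ read: () => directory.read(name) });
}

// BAZ: keeps BAZOINKA private and decides which files it will hand out.
function makeBaz() {
  const bazoinka = makeDirectory({ 'notes.txt': 'v1', 'keys.txt': 'secret' });
  const shareable = new Set(['notes.txt']);  // assumed policy for this sketch
  return Object.freeze({
    requestBat(name) {
      if (!shareable.has(name)) throw new Error(`BAZ will not share ${name}`);
      return makeFileView(bazoinka, name);
    },
    updateNotes: (text) => bazoinka.write('notes.txt', text),
  });
}

// FOO: holds only the references passed to it and reports what they allow.
function runFoo(bat) {
  return {
    content: bat.read(),
    methods: Object.keys(bat),
    canWrite: typeof bat.write === 'function',
    canList: typeof bat.list === 'function',
  };
}

const baz = makeBaz();
const bat = baz.requestBat('notes.txt');     // BAZ passes FOO a reference to BAT
console.log(runFoo(bat));
```

BAT is a live reference rather than a copy: after `baz.updateNotes('v2')`, `bat.read()` returns the new text, while FOO still has no path to `keys.txt` or to the directory itself.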


