Not really sure who to respond to on this one.
As it relates to "decisions based on delegation path", Shap and
Charlie discuss, but the underlying mechanisms of Horton as well...
In particular in Keykos the factory requestor's key, and the check
that a "factory" comes from an "official factory", can be viewed as a
coarse form of decision based on delegation path...
as well as the kernel objects being "Sensory".
The thing I note is that
http://www.erights.org/elib/capability/dist-confine.html brings
delegation path into the definition of sensory to some extent.
Much of the Horton work seems complementary to dist confinement not in
a reactive, but proactive fashion...
I.e. when we bridge 3 systems with distributed confinement across
trust boundaries as in the very beginning of your talk.
In particular the case where Alice trusts Carol's capabilities are
sensory, and Alice trusts Bob's capabilities are sensory, and vice
versa.
During the introduction of Carol to Bob we essentially run into the
same problem with Bob's & Carol's lack of knowledge of each other and
being subject to Alice's interpretation of sensory.
The same mechanisms used in Horton seem to allow Alice to convey to
Bob the boundaries by which her first and second hand knowledge of
"sensory" applies to the capabilities within a space.
an aside, the term sentries is used in the beginning which gets rolled
into "identity pathways" later, in this case sentries is presumably
better, as we are attesting to some kernel behavior
rather than a particular user's capabilities.
Not sure if these are useful thoughts, but they are thoughts...
> To view this discussion on the web visit
https://groups.google.com/d/msgid/cap-talk/CAK-_AD4Fp5mabkSJFYyQaxyrSEE4%2BvZsJx89N7VYD5kzX95TtQ%40mail.gmail.com.