Kv Org [mailto:[EMAIL PROTECTED]] wrote
> I believe Perl6 needs a facility to run
> "compartmented" code (object-oriented and
> module-loading) that is tagged as to its permissions
> and "owner" ID. The goal would be to let such code use
> harmful actions only by calling permitted outside
> functions that implement permission checks before
> calling potentially harmful code.
I'm not an expert in this area, but I think that a capabilities-based model is probably better than compartments.

The model would be that a program starts with a set of capabilities; and then any code that it calls (or thread that it starts) would inherit these capabilities -- a function call (or thread start) could explicitly deny some capabilities to the code that it calls; also, a function could return additional capabilities to the caller.

Capabilities could be stored as a hash in the %MY pad. The capability to add stuff to that hash would, of course, be highly restricted.

A capability is probably just an object: any module can define any number of capabilities; but only it (not its subclasses) has the right to create instances of that capability (which it can then return to a requesting caller). When a function later tries to use a protected method, that method would check that its C<caller> has an appropriate capability.

Dave.
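The model Dave sketches, worked through as an added example in Python (it is not Perl, not code from this thread, and not any Perl6 design). A context variable stands in for the %MY pad; `Capability`, `call_with`, `start_thread`, `requires` and the hypothetical filesystem module with its `fs.read` / `fs.write` capabilities are all assumptions made for the illustration.

```python
import contextvars
import threading
from typing import Callable, FrozenSet, Iterable, Optional

# Capability set of the code currently running; stands in for the %MY pad.
# Only this module's call_with() ever writes to it (the "highly restricted" part).
_caps: contextvars.ContextVar[FrozenSet["Capability"]] = contextvars.ContextVar(
    "caps", default=frozenset()
)
_MINT_TOKEN = object()  # module-private sentinel needed to construct a capability


class Capability:
    """A capability is just an object: holding the instance is the authority.
    Only _mint() in this module can create one; subclasses cannot (no token)."""

    __slots__ = ("name",)

    def __init__(self, name: str, token: object) -> None:
        if token is not _MINT_TOKEN:
            raise PermissionError(f"only the defining module may create {name!r}")
        self.name = name

    def __repr__(self) -> str:
        return f"Capability({self.name!r})"


def _mint(name: str) -> Capability:
    return Capability(name, _MINT_TOKEN)


class PermissionDenied(Exception):
    pass


def current_capabilities() -> FrozenSet[Capability]:
    return _caps.get()


def call_with(fn: Callable, *args, capabilities: Optional[Iterable[Capability]] = None,
              deny: Iterable[Capability] = (), **kwargs):
    """Run fn with the caller's capability set minus `deny` (attenuation).
    `capabilities`, when given, replaces the inherited set: how a program starts."""
    base = frozenset(capabilities) if capabilities is not None else _caps.get()
    token = _caps.set(base - frozenset(deny))
    try:
        return fn(*args, **kwargs)
    finally:
        _caps.reset(token)  # caller's own set is untouched by whatever fn did


def start_thread(fn: Callable, *args, deny: Iterable[Capability] = ()) -> threading.Thread:
    """A started thread inherits the starter's set (copied context) minus `deny`."""
    ctx = contextvars.copy_context()
    t = threading.Thread(target=ctx.run, args=(call_with, fn, *args), kwargs={"deny": deny})
    t.start()
    return t


def requires(cap: Capability):
    """Decorator for a protected method: check that the caller holds `cap`."""
    def decorate(fn):
        def guarded(*a, **k):
            if cap not in _caps.get():
                raise PermissionDenied(f"{fn.__name__} requires {cap}")
            return fn(*a, **k)
        guarded.__name__ = fn.__name__
        return guarded
    return decorate


# --- hypothetical filesystem module: defines its own two capabilities ---
FS_READ = _mint("fs.read")
FS_WRITE = _mint("fs.write")
_FILES = {"/etc/motd": "hello"}  # constructed in-memory stand-in for real files


@requires(FS_READ)
def read_file(path: str) -> str:
    return _FILES[path]


@requires(FS_WRITE)
def write_file(path: str, data: str) -> None:
    _FILES[path] = data


def demo() -> dict:
    """A program holding both capabilities calls a plugin denied write access
    and starts a thread denied read access; neither can escalate."""
    results = {}

    def plugin():  # untrusted: inherits the program's set minus FS_WRITE
        try:
            write_file("/etc/motd", "tampered")
            return "write allowed"
        except PermissionDenied:
            return "write denied"

    def thread_body():  # inherits the program's set minus FS_READ
        try:
            read_file("/etc/motd")
            results["thread"] = "read allowed"
        except PermissionDenied:
            results["thread"] = "read denied"

    def program():
        results["first_read"] = read_file("/etc/motd")
        results["plugin"] = call_with(plugin, deny=[FS_WRITE])
        write_file("/etc/motd", "updated")  # program itself still holds FS_WRITE
        results["after_write"] = read_file("/etc/motd")
        start_thread(thread_body, deny=[FS_READ]).join()
        return results

    return call_with(program, capabilities=[FS_READ, FS_WRITE])


if __name__ == "__main__":
    print(demo())
```

Returning a capability to a caller is just returning the object (e.g. a function that returns `FS_READ`); the caller can then pass it on only through `call_with(..., capabilities=...)`, so there is no ambient way to widen the pad. Python cannot truly hide `_mint` or `_MINT_TOKEN` from other modules, which is exactly the enforcement gap the pad-level design in the thread is meant to close.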