From ecd2f8811703d1f5e2e05fd4239c95a850c1a313 Mon Sep 17 00:00:00 2001 From: TomBachmann Date: Mon, 1 May 2006 13:01:44 +0000 Subject: none --- Hurd/HowMuchConfinementDoWeWant.mdwn | 93 ++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 Hurd/HowMuchConfinementDoWeWant.mdwn diff --git a/Hurd/HowMuchConfinementDoWeWant.mdwn b/Hurd/HowMuchConfinementDoWeWant.mdwn new file mode 100644 index 00000000..1340d7d0 --- /dev/null +++ b/Hurd/HowMuchConfinementDoWeWant.mdwn 
@@ -0,0 +1,93 @@ +# How Much Confinement Do We Want? + +**_NOTE:_** **I am absolutely sure this is incredibely incomplete and/or wrong.** + +## Introduction + +There has been a lot of traffic on the l4-hurd list lately. A good bit of this is related to the question this entry is about: How much confinement do we want? The idea not to implement the full confinement was (accidently?) raised by marcus, who planned to raise it _somewhen_, but not yet. Still, he did, and now we have to manage the situation. + +## Terminology + +In this section I try to sketch some terminology that came up _during_ the discussion. + +### Creator + +Creator we call the creator of the confined (constructor) object.[2] + +### Instantiator + +Instantiator we call the user of the confined (constructor) object. [2] + +### Encapsulation + +Encapsulation means that information (including authority) cannot be extracted from a program without its consent. This is a restriction on "read in" behavior. [3] + +### Confinement + +Confinement means that a program cannot communicate outward through unauthorized channels. This is a restriction on "write out" behavior. [3] + +### non-trivial confinement + +Marcus: \`\`[non-trivial confinement] is the confined constructor design pattern.'' [1] + +We speak about non-trivial confinement when creator != instantiator. [2] + +### trivial confinement + +Marcus: \`\`[trivial confinement] is what the Hurd will do'' [1] + +We speak about trivial confinement when creator == instantiator [2] + +### principle of user freedom/autonomity + +The principle of user freedom and autonomity means the right to use, inspect, alter and copy all resources attributed to/owned by the user.[4] + +### freedom of digital information + +TBD + +## The Positions + +Here I try to sketch the different positions. 
+ +### Use and Implement Only Trivial Confinement by Default + +#### Pros + +* Follows the principle of user freedom +* **add more here** + +#### Cons + +* Possibly use cases for non-trivial confinement exist we cannot yet think of. +* **add more here** + +### Implement Full Confinement and Utilize It + +#### Pros + +* There are many years of experience with confinement. +* **add more here** + +#### Cons + +* It does not follow the principle of user freedom. +* **add more here** + +## Preliminary Summary Statements + +* [Jonathan](http://lists.gnu.org/archive/html/l4-hurd/2006-05/msg00018.html) + +## A Try to Push the Discussion into a Constructive Direction + +Marcus started a challenge [5] to find a use case for non-trivial confinement that is interesting for the Hurd and cannot be implemented otherwise. The exact challenge definition can be found in the mail. + +---- + +* [1] +* [2] +* [3] +* [4] +* [5] + +-- [[Main/TomBachmann]] - 01 May 2006 -- cgit v1.2.3
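Review bot: the reference list at the end of the new file is empty ("* [1]" through "* [5]" carry no link or citation), so the two quotes attributed to Marcus and the definitions of encapsulation and confinement under "Terminology" cannot be traced to their source, and the mail that "A Try to Push the Discussion into a Constructive Direction" says contains the exact challenge definition is not reachable from the page. Fill each entry with the list-archive URL, in the same form as the Jonathan link under "Preliminary Summary Statements". The "Creator" entry is circular ("Creator we call the creator of the confined (constructor) object"); state what role the creator plays relative to the constructor object, since the trivial/non-trivial split rests entirely on the creator == instantiator test. Smaller points: "Subject: none" leaves the commit without a description, "freedom of digital information" is still "TBD", and there are spelling slips ("incredibely", "accidently", "autonomity").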