# How Much Confinement Do We Want?
**_NOTE:_** **I am absolutely sure this is incredibely incomplete and/or wrong.**
## Introduction
There has been a lot of traffic on the l4-hurd list lately. A good bit of this is related to the question this entry is about: How much confinement do we want? The idea not to implement the full confinement was (accidently?) raised by marcus, who planned to raise it _somewhen_, but not yet. Still, he did, and now we have to manage the situation.
## Terminology
In this section I try to sketch some terminology that came up _during_ the discussion.
### Creator
Creator we call the creator of the confined (constructor) object.[2]
### Instantiator
Instantiator we call the user of the confined (constructor) object. [2]
### Encapsulation
Encapsulation means that information (including authority) cannot be extracted from a program without its consent. This is a restriction on "read in" behavior. [3]
### Confinement
Confinement means that a program cannot communicate outward through unauthorized channels. This is a restriction on "write out" behavior. [3]
### non-trivial confinement
Marcus: \`\`[non-trivial confinement] is the confined constructor design pattern.'' [1]
We speak about non-trivial confinement when creator != instantiator. [2]
### trivial confinement
Marcus: \`\`[trivial confinement] is what the Hurd will do'' [1]
We speak about trivial confinement when creator == instantiator [2]
### principle of user freedom/autonomity
The principle of user freedom and autonomity means the right to use, inspect, alter and copy all resources attributed to/owned by the user.[4]
### freedom of digital information
TBD
## The Positions
Here I try to sketch the different positions.
### Use and Implement Only Trivial Confinement by Default
#### Pros
* Follows the principle of user freedom
* **add more here**
#### Cons
* Possibly use cases for non-trivial confinement exist we cannot yet think of.
* **add more here**
### Implement Full Confinement and Utilize It
#### Pros
* There are many years of experience with confinement.
* **add more here**
#### Cons
* It does not follow the principle of user freedom.
* **add more here**
## Preliminary Summary Statements
* [Jonathan](http://lists.gnu.org/archive/html/l4-hurd/2006-05/msg00018.html)
## A Try to Push the Discussion into a Constructive Direction
Marcus started a challenge [5] to find a use case for non-trivial confinement that is interesting for the Hurd and cannot be implemented otherwise. The exact challenge definition can be found in the mail.
----
* [1]
* [2]
* [3]
* [4]
* [5]
-- [[Main/TomBachmann]] - 01 May 2006