Hi, Nahi-San.

 Ben> Basically it works like this.  Access is provided through
 Ben> objects.  You can only name resources through objects.  If
 Ben> you can name a resource then you must have had permission
 Ben> to access that.  If you cannot name it, then you have no
 Ben> business knowing that it exists.

NaHi> Thank you for the explanation.  dRuby now uses ACL which
NaHi> Capability system negates (IIRC; Seki-san?).  Capability
NaHi> system or its idea seems to be helpful for building an
NaHi> Application server using dRuby.  Can dRuby itself support
NaHi> this idea?

dRuby has a 'front desk model' or 'reception desk model'.

All applications have to ask the reception desk for the objects
the first time.


See this small pseudo code...

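--- client ---
require 'drb/drb'

DRb.start_service

reception = DRbObject.new(nil, 'druby://localhost:7640')
obj = reception['SeKi']

p obj.do_it

--- server ---
require 'drb/drb'
require 'drb/acl'

class MyFrontDesk
  def initialize(db)
    @db = db
    @acl = ACL.new(%w(deny all
                      allow 192.168.1.*
                      allow localhost))
  end

  def user?
    # dRuby sets Thread.current['DRb'] while it serves a remote call;
    # current releases keep the connection under the 'client' key.
    info = Thread.current['DRb']
    return false unless info
    return @acl.allow_addr?(info['client'].peeraddr)
  end

  # The only way to name a resource: ask the front desk for it.
  def [](name)
    return @db['anonymous'] if name == 'anonymous'
    return @db[name] if user?
    raise 'No Business'
  end
end

# name => object table; the objects should include DRb::DRbUndumped so
# that clients receive a reference rather than a copy.
db = {}
DRb.start_service('druby://:7640', MyFrontDesk.new(db))
DRb.thread.join
----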

SeKi