diff options
Diffstat (limited to 'stdlib/source/documentation/lux/control/security')
-rw-r--r-- | stdlib/source/documentation/lux/control/security/capability.lux | 51 | ||||
-rw-r--r-- | stdlib/source/documentation/lux/control/security/policy.lux | 122 |
2 files changed, 79 insertions, 94 deletions
diff --git a/stdlib/source/documentation/lux/control/security/capability.lux b/stdlib/source/documentation/lux/control/security/capability.lux index ba9e3a80a..920f9c439 100644 --- a/stdlib/source/documentation/lux/control/security/capability.lux +++ b/stdlib/source/documentation/lux/control/security/capability.lux @@ -1,7 +1,7 @@ (.require [library [lux (.except) - ["$" documentation (.only documentation:)] + ["$" documentation] [data [text (.only \n) ["%" \\format (.only format)]]] @@ -10,35 +10,30 @@ [\\library ["[0]" /]]) -(documentation: (/.Capability brand input output) - (format "Represents the capability to perform an operation." - \n "This operation is assumed to have security implications.")) - -(documentation: /.use - "Applies a capability against its required input." - [(use capability input)]) - -(documentation: /.capability: - "Defines a capability as a unique type, and a constructor for instances." - [(capability: (Can_Duplicate a) - (can_duplicate a [a a])) - - (let [capability (can_duplicate - (function (_ value) - [value value])) - [left right] (..use capability 123)] - (same? left right))]) - -(documentation: /.async - "Converts a synchronous I/O-based capability into an asynchronous capability." - [(async capability)]) - (.def .public documentation (.List $.Module) ($.module /._ "" - [..Capability - ..use - ..capability: - ..async] + [($.documentation (/.Capability brand input output) + (format "Represents the capability to perform an operation." + \n "This operation is assumed to have security implications.")) + + ($.documentation /.use + "Applies a capability against its required input." + [(use capability input)]) + + ($.documentation /.capability: + "Defines a capability as a unique type, and a constructor for instances." + [(capability: (Can_Duplicate a) + (can_duplicate a [a a])) + + (let [capability (can_duplicate + (function (_ value) + [value value])) + [left right] (..use capability 123)] + (same? left right))]) + + ($.documentation /.async + "Converts a synchronous I/O-based capability into an asynchronous capability." + [(async capability)])] [])) diff --git a/stdlib/source/documentation/lux/control/security/policy.lux b/stdlib/source/documentation/lux/control/security/policy.lux index a2da0b92f..d693c8c50 100644 --- a/stdlib/source/documentation/lux/control/security/policy.lux +++ b/stdlib/source/documentation/lux/control/security/policy.lux @@ -1,7 +1,7 @@ (.require [library [lux (.except) - ["$" documentation (.only documentation:)] + ["$" documentation] [data [text (.only \n) ["%" \\format (.only format)]]] @@ -10,81 +10,71 @@ [\\library ["[0]" /]]) -(documentation: (/.Policy brand value %) - "A security policy encoded as the means to 'upgrade' or 'downgrade' in a secure context.") +(.def .public documentation + (.List $.Module) + ($.module /._ + "" + [($.default /.functor) + ($.default /.apply) + ($.default /.monad) + ($.default /.Private) + ($.default /.Can_Conceal) + ($.default /.Can_Reveal) + ($.default /.Safe) + ($.default /.Can_Trust) + ($.default /.Can_Distrust) -(documentation: (/.Can_Upgrade brand % value) - "Represents the capacity to 'upgrade' a value.") + ($.documentation (/.Policy brand value %) + "A security policy encoded as the means to 'upgrade' or 'downgrade' in a secure context.") -(documentation: (/.Can_Downgrade brand % value) - "Represents the capacity to 'downgrade' a value.") + ($.documentation (/.Can_Upgrade brand % value) + "Represents the capacity to 'upgrade' a value.") -(documentation: (/.Privilege brand %) - "Represents the privilege to both 'upgrade' and 'downgrade' a value.") + ($.documentation (/.Can_Downgrade brand % value) + "Represents the capacity to 'downgrade' a value.") -(documentation: (/.Delegation brand %from %to) - "Represents the act of delegating policy capacities.") + ($.documentation (/.Privilege brand %) + "Represents the privilege to both 'upgrade' and 'downgrade' a value.") -(documentation: /.delegation - "Delegating policy capacities." - [(delegation downgrade upgrade)]) + ($.documentation (/.Delegation brand %from %to) + "Represents the act of delegating policy capacities.") -(documentation: (/.Context brand scope %) - "A computational context with an associated policy privilege.") + ($.documentation /.delegation + "Delegating policy capacities." + [(delegation downgrade upgrade)]) -(documentation: /.with_policy - "Activates a security context with the priviledge to enforce it's policy." - [(type Password - (Private Text)) + ($.documentation (/.Context brand scope %) + "A computational context with an associated policy privilege.") - (type (Policy %) - (Interface - (is (-> Text (Password %)) - password) - (is (-> (Password %) Text) - unsafe))) + ($.documentation /.with_policy + "Activates a security context with the priviledge to enforce it's policy." + [(type Password + (Private Text)) - (def (policy _) - (Ex (_ %) (-> Any (Policy %))) - (with_policy - (is (Context Privacy Policy) - (function (_ (open "%::.")) - (implementation - (def (password value) - (%::can_upgrade value)) - (def (unsafe password) - (%::can_downgrade password)))))))] - [(with_policy context)]) + (type (Policy %) + (Interface + (is (-> Text (Password %)) + password) + (is (-> (Password %) Text) + unsafe))) -(documentation: /.Privacy - (format "A security context for privacy." - \n "Private data is data which cannot be allowed to leak outside of the programmed.")) + (def (policy _) + (Ex (_ %) (-> Any (Policy %))) + (with_policy + (is (Context Privacy Policy) + (function (_ (open "%::.")) + (implementation + (def (password value) + (%::can_upgrade value)) + (def (unsafe password) + (%::can_downgrade password)))))))] + [(with_policy context)]) -(documentation: /.Safety - (format "A security context for safety." - \n "Safe data is data coming from outside the program which can be trusted to be properly formatted and lacking injections.")) + ($.documentation /.Privacy + (format "A security context for privacy." + \n "Private data is data which cannot be allowed to leak outside of the programmed.")) -(.def .public documentation - (.List $.Module) - ($.module /._ - "" - [..Policy - ..Can_Upgrade - ..Can_Downgrade - ..Privilege - ..Delegation - ..delegation - ..Context - ..with_policy - ..Privacy - ..Safety - ($.default /.functor) - ($.default /.apply) - ($.default /.monad) - ($.default /.Private) - ($.default /.Can_Conceal) - ($.default /.Can_Reveal) - ($.default /.Safe) - ($.default /.Can_Trust) - ($.default /.Can_Distrust)] + ($.documentation /.Safety + (format "A security context for safety." + \n "Safe data is data coming from outside the program which can be trusted to be properly formatted and lacking injections."))] [])) |