> Thus for example, I can conceive of a "safe" execution restriction
> that says that once a script has read something from one of my local
> files, it can no longer emit network traffic.
To offer another scenario:
Suppose I'm running some kind of for-pay service. I am interested in
attracting new business, so I want to encourage people to try my
server. But you don't want to be obligated to pay if the service is no
good (you run a long query and discover my server has nothing
relevant) yet I don't want to give answers away for free.
We can get part way there just by having common standards for posting
rates, terms and conditions. (By analogy with a restaurant, that's
like posting the menu to a restaurant outside the door. Of course it
doesn't tell you whether the food is good, but at least you know the
price and whether they take checks.)
But might there not be cases where you actually have to run a job or
make a query to tell whether the service is what you want? In that
case, I might want to allow you to send an agent (program) to my
server where it can execute, but all it's allowed to send back to you
is one bit, which tells you whether you ought to buy in.
Does this scenario make sense?