this removes unused symbol from the default table and adds more symbols to the list.
to allow for further growth of the default symbol table, we reserve
indexes from 0 to 1023. Any custom symbol defined in tokens or
authorizers must start from 1024
the scoped execution model ensures that checks and rules only
have access to facts added or generated in the current or previous
blocks. They cannot be affected by facts from later blocks. Verifier
rules, checks and policies are executed in the context of the authority
block
Since this change can prevent check from the authority block and the
verifier from being affected by facts from later block, we can remove
the #authority and #ambient symbols
we generate unique revocation ids for each block of the token, that also
depend on the previous block. That way, when holding a token, we also
have valid revocation ids for each of its parent tokens.
Since they are generated from hashes of the token's data, revocation can
be added to an existing system even after tokens were created
having only numbers as variable names was not making rules easy to
follow. Thanks to the symbol table, we have a mechanism to convert
between a string and a number, so we can use it to convert from a name
to an id when adding to the token, but also when printing it, so the
rule would be read the same way on both ends.
Since we're only adding more entries to the symbol table, and integer
ids are still used, tokens generated with the new variable names should
be usable directly with older implementations
before:
- rules in an authority block are authority facts generation rules
- rules in other blocks are caveats
now:
- rules in an authority block are authority facts generation rules
- rules in other block are facts generation rules for this block's validation
- caveats in the authority block are tested once at the beginning of
the validation
- caveats in an other block are specific to that block's validation
