Sunday, December 7, 2008

Capabilities

I've been working with Adrienne (and, transitively, Mark Miller) on figuring out what object capabilities have to do with web programming. Some parts I think I'm getting, but others seem strange.

1. Understanding: Capabilities are a structuring tool in the systems perspective. In particular, you might want to build a policy substrate on top of the capability-secure system; the capability-secure system with associated capability patterns simplifies doing this.

2. Confusion: Why does the membrane pattern protect only the object? A membrane wraps an object's fields and methods, deeply, such that any non-primitive value outputted will also be wrapped. The membrane also provides a gatekeeper in the wrapper of an outputted value if the outputted value is equal to the inputted object to be wrapped/secured. Thus, all access to the object can be easily enabled/disabled. HOWEVER: isn't this too coarse for a low-level system mechanism? Shouldn't it be controlling access to fields and methods? An object gatekeeper can be synthesized by lumping together locks for fields and methods, but, for typical object graphs, not the other way around.

Finally... Anya's getting married! Should start booking a flight :)

No comments: