[cap-talk] Java coding rules for capability discipline

David Wagner daw at cs.berkeley.edu
Fri Nov 5 15:37:55 EST 2004


Ian Grigg writes:
>If we could agree that capabilities was, in the large,
>programming in an OO language ("using Java references")
>and using the POLA discipline, I'd be a happy camper.

I don't think it is that simple.  Take capability discipline, for
instance.

Q: Why shouldn't java.io.File have a deleteEntireHardDisk() method on it?
A: capability discipline.

That's not an instance of POLA.  Capability discipline is an enabler
that makes POLA more effective, but it is not POLA.

Capability discipline is also not just an instance of ordinary OO
programming.  Ordinary OO doctrine says that software decomposition
into objects should respect, say, coherent pieces of functionality.
Capability discipline says that your decomposition should also take into
account security issues.


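Added example, not code from the post or from the cap-talk list: one concrete reading of "decomposition should also take into account security issues". The first class is an ambient-authority API in the deleteEntireHardDisk() spirit, where any code that can spell a path string can reach any file; the second is a capability-disciplined design where the object reference itself designates one file and carries exactly the authority to act on it, with an attenuated read-only view derived from it. The class names (AmbientFileOps, FileCap, ReadOnlyFileCap, CapDisciplineDemo) are hypothetical. For comparison, real java.io.File is not a capability in this sense: new File(String) is callable from anywhere, and getParentFile() lets a reference to one file grow into directory authority.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical ambient-authority style. The reference to this helper conveys
// no particular authority; the path *string* is the authority, so whatever
// you hand a component, it can name any file. deleteEntireHardDisk() would
// be a natural method here, and POLA cannot be enforced by what you pass in.
final class AmbientFileOps {
    static String read(String path) throws IOException {
        return Files.readString(Path.of(path), StandardCharsets.UTF_8);
    }

    static void delete(String path) throws IOException {
        Files.delete(Path.of(path));
    }
}

// Hypothetical capability-disciplined style. The object reference *is* the
// authority and designates exactly one file. Holding a FileCap for
// /tmp/a gives no way to reach /tmp/b or the enclosing directory.
final class FileCap {
    private final Path target;

    private FileCap(Path target) {
        this.target = target;
    }

    // Minting a FileCap requires already holding a Path, which is the root
    // of the authority; package-private so only trusted setup code mints.
    static FileCap forExisting(Path p) {
        return new FileCap(p.toAbsolutePath().normalize());
    }

    String read() throws IOException {
        return Files.readString(target, StandardCharsets.UTF_8);
    }

    void write(String content) throws IOException {
        Files.writeString(target, content, StandardCharsets.UTF_8);
    }

    void delete() throws IOException {
        Files.delete(target);
    }

    // Attenuation: derive a strictly weaker capability. The holder of the
    // ReadOnlyFileCap cannot recover this FileCap, so authority only shrinks.
    ReadOnlyFileCap readOnly() {
        return new ReadOnlyFileCap(this);
    }

    // Deliberately absent: getParent(), resolve(sibling), toPath(). Each
    // would let a one-file reference grow into directory or filesystem
    // authority, which is exactly what capability discipline forbids.
}

final class ReadOnlyFileCap {
    private final FileCap inner;

    ReadOnlyFileCap(FileCap inner) {
        this.inner = inner;
    }

    String read() throws IOException {
        return inner.read();
    }
}

public class CapDisciplineDemo {
    public static void main(String[] args) throws IOException {
        // Constructed sample files in a fresh temp directory.
        Path dir = Files.createTempDirectory("capdemo");
        Path secret = dir.resolve("secret.txt");
        Path log = dir.resolve("log.txt");
        Files.writeString(secret, "top secret\n", StandardCharsets.UTF_8);
        Files.writeString(log, "line 1\n", StandardCharsets.UTF_8);

        // POLA applied on top of the discipline: the log-writer component
        // receives a capability for log.txt and nothing else.
        FileCap logCap = FileCap.forExisting(log);
        runLogWriter(logCap);

        // A reporting component receives only an attenuated read-only view.
        ReadOnlyFileCap logView = logCap.readOnly();
        System.out.print(logView.read());

        // With AmbientFileOps the log writer could have written
        //   AmbientFileOps.delete(secret.toString());
        // No expression of that shape is typeable against logCap.
        Files.delete(secret);
        Files.delete(log);
        Files.delete(dir);
    }

    // The component only sees FileCap, so its maximum damage is bounded by
    // the one file it was given, regardless of what else is on disk.
    static void runLogWriter(FileCap cap) throws IOException {
        cap.write(cap.read() + "line 2\n");
    }
}
```

The design point is that the distinction Wagner draws survives in the code: capability discipline is the shape of FileCap (one designated resource, no methods that widen the reference's reach, attenuation instead of escalation), while POLA is the separate decision in main() about which of those references each component is handed. Compile with `javac CapDisciplineDemo.java` and run with `java CapDisciplineDemo`; it needs Java 11 or later for Files.readString and Files.writeString.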