[cap-talk] ... enforcement - hope? Capabilities as clumsy, not
David Hopwood
david.nospam.hopwood at blueyonder.co.uk
Thu Sep 30 16:54:59 EDT 2004
marcs wrote:
>>The most accurate way to state the design principle is
>>something like:
>>"An object must not be polymorphic with another object that provides
>>less authority."
>
> I could probably twist Dean's arm and get him to rephrase this, "an object
> must not be polymorphic with another object that provides different
> authority".
Not sure I agree with that, or at least it needs refinement. Consider a
revoked object: since revocation is dynamic and type systems cannot generally
deal with dynamic interface changes, the type of a revoked object must be
both a subtype and a supertype of (i.e. polymorphically equivalent to) the
type of the corresponding unrevoked object.
--
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
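
The revocation case raised in the message above, sketched as an added example (not part of the original post or thread): a revocable forwarder whose static type is the same before and after `revoke()` is called, so revocation shows up only as a run-time failure. The names `Counter`, `makeCounter`, `makeRevocable`, `useCounter` and `demo` are hypothetical and chosen for illustration.

```typescript
// Added illustration: revocable forwarder (caretaker) pattern.
// All names below are hypothetical.
interface Counter {
  increment(): number;
  read(): number;
}

function makeCounter(): Counter {
  let n = 0;
  return { increment: () => ++n, read: () => n };
}

interface Revocable<T> {
  facet: T;        // statically a T both before and after revocation
  revoke(): void;  // dynamic change; no static type is altered by calling it
}

function makeRevocable(target: Counter): Revocable<Counter> {
  let current: Counter | null = target;
  const live = (): Counter => {
    const t = current;
    if (t === null) throw new Error("revoked");
    return t;
  };
  return {
    facet: {
      increment: () => live().increment(),
      read: () => live().read(),
    },
    revoke: () => { current = null; },
  };
}

// A client typed against Counter accepts the direct object, the live
// forwarder and the revoked forwarder; the type checker cannot tell them apart.
function useCounter(c: Counter): string {
  try {
    return `ok:${c.increment()}`;
  } catch (e) {
    return `denied:${(e as Error).message}`;
  }
}

function demo(): string[] {
  const counter = makeCounter();
  const { facet, revoke } = makeRevocable(counter);
  const before = useCounter(facet);   // forwarder still live
  revoke();
  const after = useCounter(facet);    // same object, same type, no authority
  const direct = useCounter(counter); // the underlying object is unaffected
  return [before, after, direct];
}
```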