[cap-talk] Another "core" principle
Jonathan S. Shapiro
shap at eros-os.com
Sun Dec 17 13:40:28 CST 2006
I propose the following as a core principal:
3. We must not accept any design pattern for authority management
whose use cannot be managed by human beings in the real world.
I'm not sure my concern is valid, but I'm concerned about the membrane
pattern. If the consequence of causally dependent capabilities (which is
what membranes build) is that nobody ever dares to revoke a membrane,
then there is absolutely no point introducing the membranes in the first
place.
If my concern proves to be valid, then the membrane pattern should be
rejected -- even if we can make it work from a technical perspective.
shap
--
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100
More information about the cap-talk
mailing list