[cap-talk] Another "core" principle
Marc Stiegler
marcs at skyhunter.com
Mon Dec 18 12:06:05 CST 2006
Jonathan S. Shapiro wrote:
> I propose the following as a core principal:
>
> 3. We must not accept any design pattern for authority management
> whose use cannot be managed by human beings in the real world.
>
> I'm not sure my concern is valid, but I'm concerned about the membrane
> pattern. If the consequence of causally dependent capabilities (which is
> what membranes build) is that nobody ever dares to revoke a membrane,
> then there is absolutely no point introducing the membranes in the first
> place.
>
> If my concern proves to be valid, then the membrane pattern should be
> rejected -- even if we can make it work from a technical perspective.
>
> shap
Also, I have a design for CapDesk that will allow humans to do membrane
revocations that they understand, with understandable consequences,
because they get to do the revocations on compositions that are
meaningful at the user level. Saying it is of course not half so
convincing as doing it...if there ever arises a reason for improving
CapDesk that is valuable enough to do so. Perhaps Coyotos will one day
need a desktop :-)
--marcs
More information about the cap-talk
mailing list