[cap-talk] David Wagner's Google techtalk is now up!

Mathieu Suen mathieusuen at yahoo.fr
Wed Dec 12 17:04:51 EST 2007


On Dec 12, 2007, at 10:35 PM, Ben Laurie wrote:

> On Dec 12, 2007 12:39 PM, Mathieu Suen <mathieusuen at yahoo.fr> wrote:
>> Thanks a lot for your answer.
>> In fact I mess up with strong typing and static typing.
>> I have an other question in mind:
>>
>> Can we use Java Interface as Capability?
>>
>> Than for method instead of declaring a class for a return type we
>> simply return an interface.
>> And it is the same for all other things. We only declare variable  
>> with
>> an Interace.
>>
>> I am also interest why you say that there are some reason to prefer
>> static typing?
>
> One obvious reason to prefer static typing is that violations are
> detected at compile time.


What kind of violation?

For me it seem that most kind of violation that static type detect at  
compile time is also detect when you test you software with  
dynamically type language.

>
>
>>
>> Thanks
>>
>>
>> On Dec 12, 2007, at 6:22 PM, David Wagner wrote:
>>
>>> Mth writes:
>>>> I am a bit new to security model so sorry if my question seems
>>>> stupid.
>>>> In his talk David Wagner say that strongly type system like Java
>>>> ensure some security.
>>>> But why?
>>>> In what dynamically type system is weaker?
>>>
>>> The important thing for security is that Java is strongly typed.
>>> Whether it is statically typed or dynamically typed is less  
>>> important
>>> for the security objectives under discussion here.
>>> (Strong typechecking can be implemented statically or dynamically.)
>>> In Java, the strong typechecking is what provides encapsulation
>>> (clients can't peek at or tamper with the private data of other
>>> objects) and unforgeability of capabilities (strong typechecking  
>>> means
>>> that you can't forge a reference out of whole cloth, and since in
>>> our system a capability is just a reference, that's what we need).
>>>
>>> There are some second-order reasons why one might prefer static
>>> typing or dynamic typing but to my mind they are secondary compared
>>> to the above considerations.  The object capability paradigm is
>>> compatible with both statically checked and dynamically checked
>>> languages.  Joe-E is an example of the former; E is an example of
>>> the latter.
>>> _______________________________________________
>>> cap-talk mailing list
>>> cap-talk at mail.eros-os.org
>>> http://www.eros-os.org/mailman/listinfo/cap-talk
>>>
>>
>>        Mth
>>
>>
>>
>>
>>
>>
>>
>>
>> ___________________________________________________________________________
>> Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et  
>> son interface révolutionnaire.
>> http://fr.mail.yahoo.com
>>
>> _______________________________________________
>> cap-talk mailing list
>> cap-talk at mail.eros-os.org
>> http://www.eros-os.org/mailman/listinfo/cap-talk
>>
>>
>
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
>

	Mth




	

	
		
___________________________________________________________________________ 
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.
http://fr.mail.yahoo.com



More information about the cap-talk mailing list