[cap-talk] Persistence as a cap value
James A. Donald
jamesd at echeque.com
Fri Mar 14 23:47:38 EDT 2008
Jed Donnelley wrote:
> Otherwise (in most circumstances I think?)
> capabilities should be persistent and explicitly
> managed (e.g. revoked as needed/appropriate)
Well no doubt they *should* be explicitly managed, but
will they be?
> I confess that I have an abhorrence to timing
> dependent situations. The only thing worse than an
> explicit timeout is a "random" timing dependence.
Whether non determinism is good or bad depends on the
situation. Obviously it is easier to deal with a fully
deterministic system, but faced with non deterministic
problems, one generally needs non deterministic
solutions.
> From my perspective influences from asynchronous
> events (e.g. that system over there restarted so my
> capability to one of its objects just became invalid)
> are to be avoided if possible.
If it is that system over there, then one of its objects
might not exist any more. And if it does exist, it
likely is in some sense not the same object any more.
Persistence is not going to avoid the problem of
capabilities capriciously going invalid.
More information about the cap-talk
mailing list