Below (original post heavily abridged).

On Thu, Aug 29, 2013 at 6:09 PM, David Barbour <[email protected]> wrote:

> 2) Ka-Ping Yee's principles for "Secure Interaction Design" are excellent.
> These focus on keeping users continuously aware of what authorities they
> possess, where they come from, which authorities they have granted,
> universal revocability (no 'grandfather law' authorities), and controlling
> against accidental grants (i.e. path of least resistance is least
> authority). These principles guided my design of RDP: capability security
> model addresses most of Yee's principles, while continuous reactive
> dataflows help with both revocability and visibility.
>
> http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=16AE36F3FA20A07CEC5FD242CDC26DAA?doi=10.1.1.6.1380&rep=rep1&type=pdf

Guessing this is what I should be reading to know what you're talking about?

> 3) Stan Lee's principle: power is coupled with responsibility. A language
> or UI should be able to enforce that certain responsibilities are
> discharged before it proceeds. E.g. if we start a handshake, we must finish
> it; if we open a connection, we must process it; if we make a promise, we
> must fulfill it. Most programming languages fail badly here. It is easy to
> drop these things halfway through; i.e. there is rarely an equivalent of
> 'form validation' at the behavior layer. Use of substructural (affine,
> relevant, linear) types, however, is very useful for expressing and
> enforcing responsibilities.

Stan Lee is very principled. If I find a flaw in this work, do I get a no-prize? :D

> Best,
>
> Dave

Casey
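Added example, not part of the thread above and not Dave's or Casey's code: a small Rust typestate sketch of the "if we start a handshake, we must finish it" responsibility from point 3. Rust's ownership is affine (a value can be used at most once), so once `finish` consumes the handshake it cannot be finished or reused; the "must finish" half (a relevant or linear obligation) is not expressible in Rust's type system, so the `Drop` impl below is a runtime stand-in that counts abandoned handshakes. The nonce-echo protocol, the type names and the counter are all invented for illustration.

```rust
// Added illustration of affine typestate for a protocol obligation.
// Assumptions (not from the original post): a hypothetical two-step
// handshake where the initiator sends a nonce and the peer must echo it.
use std::cell::Cell;

/// A handshake in progress. Holding this value is the authority to
/// finish exactly one session; `finish` takes `self` by value, so the
/// compiler rejects any second use (affine discipline).
pub struct Handshake {
    nonce: u32,
    completed: bool,
}

/// Only obtainable by consuming a `Handshake` through `finish`.
#[derive(Debug, PartialEq)]
pub struct Session {
    pub nonce: u32,
}

#[derive(Debug, PartialEq)]
pub enum HandshakeError {
    NonceMismatch { expected: u32, got: u32 },
}

thread_local! {
    /// Runtime count of handshakes dropped without `finish`. Rust cannot
    /// prove "must use" statically (no relevant/linear types), so this is
    /// the best the language offers for the "must finish it" obligation.
    static ABANDONED: Cell<u32> = Cell::new(0);
}

impl Handshake {
    pub fn start(nonce: u32) -> Handshake {
        Handshake { nonce, completed: false }
    }

    /// Consumes the handshake. Success yields a `Session`; a mismatch is a
    /// deliberate failure, not abandonment, so it is also marked completed.
    pub fn finish(mut self, echoed: u32) -> Result<Session, HandshakeError> {
        self.completed = true;
        if echoed != self.nonce {
            return Err(HandshakeError::NonceMismatch { expected: self.nonce, got: echoed });
        }
        Ok(Session { nonce: self.nonce })
    }
}

impl Drop for Handshake {
    fn drop(&mut self) {
        if !self.completed {
            ABANDONED.with(|c| c.set(c.get() + 1));
        }
    }
}

/// Number of handshakes on this thread that were started but never finished.
pub fn abandoned_handshakes() -> u32 {
    ABANDONED.with(|c| c.get())
}

/// The failure mode the post describes: start the obligation, then drop it
/// halfway. The type system lets this compile; only the Drop hook notices.
pub fn abandon_one() {
    let _hs = Handshake::start(7);
    // `_hs` goes out of scope here without `finish` -> counted as abandoned.
}

fn main() {
    let session = Handshake::start(42).finish(42).expect("echo matched");
    println!("session established, nonce {}", session.nonce);
    // Would not compile: the handshake was moved into `finish` above.
    // let again = Handshake::start(42); let s1 = again.finish(42); let s2 = again.finish(42);
    abandon_one();
    println!("abandoned handshakes: {}", abandoned_handshakes());
}
```

The distinction worth keeping in mind is the one the post draws: affine types (Rust, by default) forbid using an authority twice but permit dropping it on the floor, while enforcing that it is actually discharged needs relevant or linear types, or a runtime check like the `Drop` counter here.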
_______________________________________________ fonc mailing list [email protected] http://vpri.org/mailman/listinfo/fonc
