Decentralized, Secure, Human-Meaningful: Choose Two (was Re: Dan
Ingalls' Environments package)
Tony Garnock-Jones
tonyg at lshift.net
Fri May 11 09:03:21 UTC 2007
J J wrote:
> Perhaps that is the way to go, we'll see, but one must keep in mind that
> there is a slider bar: on one side is "user friendly-ness" and on the
> other side is "security". The more secure you are, the less user
> friendly. The more user friendly, the less secure.
I'm not sure it's quite so binary.
There's an idea called "Zooko's Triangle",
http://en.wikipedia.org/wiki/Zooko's_triangle, that states that names
can be any *two* of
- human-meaningful/friendly/memorable
- decentralised
- secure/unique
but never all three at once.
The situation we have within a Squeak image today is a *centralised*
human-meaningful unique naming system: classes have unique names in a
central, system-wide directory.
The situation we have within the Squeak community at large is a little
different: a decentralised, human-meaningful, but *non-unique* naming
system, where anybody at all can build their own MyClass, completely
different to everybody else's.
Systems like Craig's naiad, if I understand correctly, are decentralised
and unique, and sacrifice a certain degree of human-meaningfulness. This
strikes me as the way to go, because tools can help bridge the gap to a
system just as easy to use as the current centralised class dictionary.
For an excellent introduction to the idea of "petnames",
locally-meaningful names for securely-unique keys, please see
http://www.skyhunter.com/marcs/petnames/IntroPetNames.html
The "examples and near examples" section is particularly interesting -
it's easy to imagine Squeak's tooling slightly refactored to provide
outstanding support for a petname system for classes.
More references:
http://zooko.com/distnames.html
http://shirky.com/writings/domain_names.html
Regards,
Tony
--
[][][] Tony Garnock-Jones | Mob: +44 (0)7905 974 211
[][] LShift Ltd | Tel: +44 (0)20 7729 7060
[] [] http://www.lshift.net/ | Email: tonyg at lshift.net
More information about the Squeak-dev
mailing list
|