On 09/07/2014 9:59 PM, William ML Leslie wrote: > Sure, fewer rules can mean a simpler type system, which means you can > introduce functionality elsewhere. It does seem like a very different > point to the conversation we've been having, though.
It's not about making the type system simpler. While you can do sensible security with downcasting, it's strictly less sensible than without downcasting. Why would you want two modes of reasoning, type checking and permission checking, that will inevitably interact in confusing ways, when a single one can do both? This eases the user's cognitive burden. I think Matt and I agree that types probably ought to imply permissions, but we disagree on whether ambient reflection entails: 1. types no longer imply permissions only in such cases, 2. types imply permissions and rights amplification explains the augmented authority over the type context I don't see any additional analytical power in changing how we categorize types when we have a term for describing how rights are augmented beyond those in the type context. I never said Matt's view had no utility, I just don't see any *additional* utility in #1 over #2. Matt's view seems like the only sensible one when there is no type system at all. Sandro _______________________________________________ bitc-dev mailing list [email protected] http://www.coyotos.org/mailman/listinfo/bitc-dev
