
Re: specification language?




>How do folks feel about using Java as the specification language for
>certificates?

A terrible idea on all fronts. It is less than a year since Java was first 
announced. It is way too soon to start wedging it into every scheme as the 
solution to every problem. The development team that created it has recently 
split and it is very likely that we will see multiple variants appearing 
before too long. This is a good thing for Java in the long term since the 
end result of the process will be better. But I don't think we should base 
all future specs on Java just yet.


I would suggest that we use Scheme, which has the advantage of a large and 
established userbase; an interpreter can be written very compactly and the 
language is known to be very extensible.

In order to solve the certification problem it will be necessary to work at 
two levels: a base level, which consists of checking that a series of rules 
have been obeyed, and a more sophisticated level where the rules are formed. 
The base level requires relatively little sophistication. The upper level is 
dealing with the establishment of trust and is thus an AI-type problem.

Java is a nice procedural language but it is still a procedural language. 
We should be writing certificates of the form "X trusts Y in respect of Z 
because of Q". Procedural certificates which define a series of processes 
to perform to establish the validity of an assertion will be very much less 
useful.


I think that as a minimum we should insist on a specification language which 
has a formal semantics defined in a domain other than itself. If we want to 
build robust systems we will want to derive proofs.


                Phill
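
The declarative form "X trusts Y in respect of Z because of Q" and the base-level rule check described in the message above can be illustrated as follows. This is an added example, not part of the original message or of any proposal in the thread. The field names, the sample certificates, the table of accepted reasons and the transitive-delegation rule are all assumptions made for the illustration.

```python
from collections import namedtuple, deque

# "X trusts Y in respect of Z because of Q", as plain data (field names are assumptions).
Cert = namedtuple("Cert", "issuer subject scope reason")

# Constructed sample certificates; all names are made up for illustration.
CERTS = [
    Cert("root-ca", "dept-ca", "email-signing", "audited-policy"),
    Cert("dept-ca", "alice", "email-signing", "employee-record"),
    Cert("dept-ca", "root-ca", "email-signing", "audited-policy"),  # forms a cycle
    Cert("dept-ca", "bob", "code-signing", "employee-record"),
    Cert("mallory", "eve", "email-signing", "self-asserted"),
]

# Assumed output of the upper level: reasons the relying party accepts per scope.
ACCEPTED_REASONS = {"email-signing": {"audited-policy", "employee-record"}}


def derive_trust(root, target, scope, certs, accepted=ACCEPTED_REASONS):
    """Base-level check: return the chain of certs showing that `root`
    trusts `target` for `scope`, or None if no chain obeys the rules.

    Assumed rule: trust in a scope is delegated transitively, and each
    link must carry a reason the relying party accepts for that scope.
    """
    allowed = accepted.get(scope, set())
    queue = deque([(root, [])])
    seen = {root}  # guards against delegation cycles
    while queue:
        holder, chain = queue.popleft()
        if holder == target and chain:
            return chain  # the chain itself is the checkable derivation
        for c in certs:
            if (c.issuer == holder and c.scope == scope
                    and c.reason in allowed and c.subject not in seen):
                seen.add(c.subject)
                queue.append((c.subject, chain + [c]))
    return None


if __name__ == "__main__":
    queries = [("alice", "email-signing"), ("bob", "email-signing"),
               ("eve", "email-signing")]
    for who, scope in queries:
        proof = derive_trust("root-ca", who, scope, CERTS)
        print(who, scope, [tuple(c) for c in proof] if proof else "no derivation")
```

Because the certificates are data rather than procedures, the checker returns the derivation it found, which a relying party can inspect or re-verify independently.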
