next up previous
Next: Implicit interactions Up: A Secure Meta-Object Protocol Previous: A Secure Meta-Object Protocol

Explicit interactions

There are times in which interactions with meta-objects are desirable, for example, when a meta-object of one object must provide some information to the meta-object of another object, or obtain some information from it. Even in this case, direct access should be avoided, because it strengthens the coupling between the levels, reducing the adaptability of the application.

One possibility is to offer a mechanism that allows one meta-object to find out which is the meta-object of another object, and then interact with it through this indirect reference, thus eliminating explicit references.

We have decided to discard this solution for two reasons. First, it would be hard to prevent base-level objects from using this mechanism, and this use would break the inter-level separation. Even if only meta-objects could have access to this mechanism (say, a protected method in a base class for all meta-objects), a base-level object might be able to create a meta-object under its control to gain access to the mechanism.

Second, exposing references to meta-objects, even if indirect, would make it possible to present an arbitrary operation for the meta-object to handle, and the meta-object might be unable to tell whether the operation was intercepted from the base level or faked.

Moreover, even if references to meta-objects could only be obtained indirectly, explicit dependencies on their types could still be introduced (say, by a type cast followed by direct invocations). This defeats the whole purpose of the indirection, which is to ease adaptation, i.e., substitution of a meta-object for another of a different type. Therefore, the mechanism for exchanging information with meta-objects should be based upon weak typing and dynamic dispatching, even if the language that the MOP extends is strongly typed.

We propose a mechanism that is based on message objects: given a base-level object and a message object, the mechanism will present the message to the object's meta-object, if the object is reflective, or discard it, otherwise. Meta-objects should be able to tell, based on type and content of a message, whether it is prepared to handle it. If it is, it can extract information from it, or respond to it, by invoking its methods.

This mechanism does not allow the sender of the message to gain any information about the meta-object, or even about its existence, unless the meta-object is willing to disclose it. A meta-object has absolute control over message handling, so its behavior may range from completely ignoring messages that do not satisfy some acceptance criteria to providing references to itself, in order to ease further communication with authorized partners.

We should note that, although this messaging mechanism is intended to be used for communication between meta-objects, base-level objects may be able to use it, and thus to break inter-level separation. Restricting access to this mechanism only to meta-objects would not help, unless creation of meta-objects could also be restricted. In any case, the main argument for preventing such interactions, which is that of reducing coupling between levels, is sustained.


next up previous
Next: Implicit interactions Up: A Secure Meta-Object Protocol Previous: A Secure Meta-Object Protocol
contact the authors