Object-Oriented Security is the practice of using common object-oriented design patterns as a mechanism for access control. Such mechanisms are often both easier to use and more effective than traditional security models based on globally-accessible resources protected by access control lists. Object-oriented security is closely related to object-oriented testability and other benefits of object-oriented design.
In an object-oriented security paradigm, simply having a reference to an object implies the right to use it. Security is effected by preventing objects from obtaining references to other objects to which they should not have access. Furthermore, common object-oriented design patterns intended to prevent clients of an interface from accessing implementation details can also be used to prevent malicious code from accessing sensitive resources.
Examples of object-oriented security practices include:
Object-oriented security is not limited to use within object-oriented programming languages. The same principles can apply in a broader context. For instance, objects on the web can be identified by URLs. If an object's URL is an unguessable secret, then the only way to access that object is by first obtaining its URL from some other source. With this approach, object-oriented design principles can apply to these "web objects" just as readily as they apply to programming language objects.
Object-oriented security is fundamentally the same thing as capability-based security and the object-capability model, but stresses the fact that these design principles are already widely accepted and used in common object-oriented programming practice even where object-capabilities are not enforced. The same design patterns which make code agile, testable, and maintainable can also provide security.
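The two ideas above, a reference as the right to use an object and an unguessable URL as the reference to a "web object", are shown here as an added JavaScript (Node.js) example that is not part of the original page. The names `makeLog`, `makeReadOnlyFacet`, `makeRegistry` and the base URL `https://example.invalid/cap` are hypothetical, chosen for illustration.

```javascript
const crypto = require('crypto');
// Full-authority object: whoever holds this reference can append and read.
function makeLog() {
  const entries = []; // private state, reachable only through the closures below
  return Object.freeze({
    append: (line) => { entries.push(String(line)); },
    read: () => entries.slice(), // copy, so callers cannot mutate the real array
  });
}
// Attenuated facet: exposes read() only; revoke() is handed out separately.
function makeReadOnlyFacet(log) {
  let target = log;
  const facet = Object.freeze({
    read: () => {
      if (target === null) throw new Error('revoked');
      return target.read();
    },
  });
  return { facet, revoke: () => { target = null; } };
}
// "Web objects": an object is reachable only through its unguessable URL.
function makeRegistry(baseUrl) {
  const objects = new Map(); // token -> object, never exposed to callers
  const prefix = `${baseUrl}/`;
  return Object.freeze({
    publish(obj) {
      const token = crypto.randomBytes(16).toString('hex'); // 128 bits from the CSPRNG
      objects.set(token, obj);
      return prefix + token;
    },
    resolve(url) {
      if (typeof url !== 'string' || !url.startsWith(prefix)) return undefined;
      return objects.get(url.slice(prefix.length));
    },
  });
}
// Constructed scenario: share a read-only view of the log by URL, then revoke it.
function demo() {
  const log = makeLog();
  const { facet, revoke } = makeReadOnlyFacet(log);
  const registry = makeRegistry('https://example.invalid/cap');
  const held = registry.resolve(registry.publish(facet)); // what a URL holder gets
  log.append('first entry');
  const guess = registry.resolve(`https://example.invalid/cap/${'0'.repeat(32)}`);
  const result = { seen: held.read(), canAppend: 'append' in held, guessed: guess !== undefined };
  revoke();
  try { held.read(); result.afterRevoke = 'readable'; } catch (e) { result.afterRevoke = e.message; }
  return result;
}
```

The holder of the URL never receives the log itself, so no access control list is consulted: the facet it was given has no `append` to call, and revocation cuts the facet off without touching the log.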
The purpose of this site is:
To that end, more content will be added in the coming weeks.