# Joe-E

> subset of Java to support programming according to object-capability discipline

**Wikidata**: [Q6208245](https://www.wikidata.org/wiki/Q6208245)  
**Wikipedia**: [English](https://en.wikipedia.org/wiki/Joe-E)  
**Source**: https://4ort.xyz/entity/joe-e

## Summary
Joe-E is a subset of the Java programming language designed to facilitate secure programming according to the object-capability discipline. Introduced in 2004, it was created to enable developers to write programs where object references serve as the sole mechanism for accessing capabilities. The language was designed by David A. Wagner, Chip Morningstar, and Mark S. Miller.

## Key Facts
- **Classification:** Joe-E is a programming language.
- **Inception:** The language was established in 2004.
- **Paradigm:** It utilizes the object-capability model.
- **Designers:** The language was created by David A. Wagner, Chip Morningstar, and Mark S. Miller.
- **Basis:** It is defined as a subset of Java.
- **Purpose:** Its primary function is to support programming according to the object-capability discipline.
- **Creator Background:** Co-designer David A. Wagner is an American computer scientist, cryptographer, and mathematician.
- **Creator Background:** Co-designer Mark S. Miller is an American computer scientist.

## FAQs
### Q: What is Joe-E?
A: Joe-E is a programming language that acts as a secure subset of Java. It is designed to support the object-capability discipline, ensuring that object references are the only way to gain access to permissions or capabilities.

### Q: Who created Joe-E?
A: Joe-E was designed by American computer scientists David A. Wagner and Mark S. Miller, along with Chip Morningstar.

### Q: When was Joe-E introduced?
A: The inception of Joe-E dates back to 2004.

### Q: How does Joe-E relate to standard Java?
A: Joe-E is a subset of Java, meaning it uses a restricted version of the Java syntax and semantics to enforce security properties that standard Java does not strictly guarantee.

## Why It Matters
Joe-E matters because it addresses the challenge of writing secure software within a popular, existing ecosystem. By defining a strict subset of Java, Joe-E allows developers to leverage familiar syntax and tooling while adhering to the rigorous security standards of the object-capability model. This approach eliminates many of the security vulnerabilities inherent in standard Java caused by language features that allow bypassing access controls or manipulating object state in unintended ways.

The language serves as a practical implementation of object-capability theory, bridging the gap between academic security models and real-world application development. It provides a foundation for building systems where security is verified by the structure of the code itself, rather than relying solely on external policy enforcement. Designed by notable figures in computer science and cryptography, Joe-E represents a significant effort to integrate robust security principles directly into the programming language design.

## Notable For
- Being a **secure subset of Java**, distinguishing it from languages that build capability security from scratch.
- Strict adherence to the **Object-capability model**, ensuring that untrusted code cannot access resources without explicit permission.
- Design by **David A. Wagner**, a recognized figure in cryptography and computer security.
- Design by **Mark S. Miller**, a pioneer in the development of object-capability secure languages.
- Enabling **security auditing** through static verification of the code's capability discipline.

## Body
### Design and Paradigm
Joe-E is a programming language defined as a subset of Java. Its core design principle is support for programming according to the **object-capability discipline**: the only way a component can exercise a capability (such as writing to a file or making a network connection) is by holding a reference to an object that provides that capability. By restricting Java to this subset, Joe-E removes features that could be used to breach security boundaries.
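
An added example, not code from the Joe-E project or its designers: plain Java (not checked by any Joe-E verifier) showing the discipline described above, where an untrusted component's only authority is the reference handed to it and a wrapper narrows that authority before it is handed over. The class names `CapabilityDemo`, `QuotaSink` and `Plugin` are hypothetical, and an in-memory buffer stands in for a file.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

// Illustration only; all class names here are hypothetical.
public class CapabilityDemo {

    // Attenuating wrapper: forwards single-byte writes to the wrapped sink
    // until a quota is used up. close() and flush() are not forwarded, so a
    // holder of QuotaSink has strictly less authority than a holder of target.
    static final class QuotaSink extends OutputStream {
        private final OutputStream target;
        private long remaining;

        QuotaSink(OutputStream target, long quota) {
            this.target = target;
            this.remaining = quota;
        }

        @Override
        public void write(int b) throws IOException {
            if (remaining <= 0) throw new IOException("write quota exhausted");
            remaining--;
            target.write(b);
        }
    }

    // Untrusted component: it names no file path and calls no static I/O
    // method, so its effects are bounded by its constructor arguments.
    static final class Plugin {
        private final OutputStream log;
        Plugin(OutputStream log) { this.log = log; }

        void run(String msg) throws IOException {
            log.write(msg.getBytes(StandardCharsets.UTF_8));
        }
    }

    public static void main(String[] args) throws IOException {
        ByteArrayOutputStream store = new ByteArrayOutputStream(); // stand-in for a file
        Plugin plugin = new Plugin(new QuotaSink(store, 16));
        plugin.run("hello, caps");                // fits within the quota
        try {
            plugin.run("this exceeds the quota"); // cut off once the quota is spent
        } catch (IOException e) {
            System.out.println("denied: " + e.getMessage());
        }
        System.out.println(store.size() + " bytes written");
    }
}
```

The contrast is with code that reaches for ambient authority, for example by opening a file from a path string inside `Plugin`; that is the kind of access an object-capability review has to rule out.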

### Historical Context
The language's inception is recorded as **2004**. The project was a collaborative design effort led by:
- **David A. Wagner:** An American computer scientist, cryptographer, and mathematician known for his work in computer security.
- **Mark S. Miller:** An American computer scientist recognized for his contributions to secure distributed programming.
- **Chip Morningstar:** A contributor to the design and implementation of the language.

### Technical Context
Joe-E is intended for developers who require high assurance of security properties in their software. By using a subset of Java, it allows for the static verification of security properties, ensuring that the program cannot perform actions outside of its designated capabilities. This makes it a distinct tool in the landscape of secure programming languages.