Comment by dkarl

I'm a big proponent of using types, but my experience with "Validated" types has not been positive. It's nice when it's unambiguous, but adding "validated" to the name of a type can mean almost anything. What has been validated? Validated according to what rules? You can add what has been validated to the type name, like I can tell that ValidatedNonnegativeInt is a nonnegative integer, but NonnegativeInt would tell me the same thing more concisely.

I've also had a negative experience with using types to encode privileges. Types work well in simple situations, but they scale very badly with additional complexity. Something like PrivilegedUser works fine as long as privilege is binary and one-dimensional, but the need for new types will very quickly grow out of hand for only a modest increase in the complexity of requirements. Encoding privileges as data handles a combinatorial explosion of possibilities much more gracefully, and it is much more straightforward for checking rules that are stored outside the codebase.