Yet another access control pitch: Don't


(Maxim Veksler) #1

I'd like to share with the group an approach to access control that I've
been thinking of, inspired by python philosophy.

What if we by default we don't have access control at all? Everything is
open to anyone. IMHO novice users will find it easier. Experienced users
will find that they need to type less. Enterprise / professional / security
& privacy concerns will be addressed by supporting a simplistic model
access control:

'all' - same as not specifying anything, meaning open.
'family' - accecible from within the given module.
'private' - accessible from definition scope, i.e "file".

*another name of "family" I can think of is "safe" because all files in the
module have mutual trust but it might lead people to think that without it
their code would somehow not be secure..

So basically I'm suggesting 2 things
1. Make public access be the default
2. Adopt a scope based simple model for access control of file, module,
world.

I think this covers most of the requirements of every day software needs,
based on my experience of writing backend code, core libraries code and iOS
code. Wearing both the had of library makers as well as consumer of 3rd
party code. Mostly this solves the issue of professional devs know to stick
to public API's because you know better, but at times when you do need to
access under the hook you're either locked out for now good reason or need
to do substantially complex hacks only because SDK / library couldn't
imagine your use case.

Final note, it's my personal opinion that the current access control in
swift is attempting to optimize for edge cases which is probably not the
best approach in what is positioned to be a general purpose language.

Would appreciate feedback.
Max.


(Tino) #2

Basically, this looks like Swift 2 with renamed keywords and a changed default.
Imho not the worst thing that's on the table, but the philosophy behind it just seems to be rather uncommon in swift-evolution.

For "normal" users of the language, there is actually no need to tinker with access control — unless you're using a library whose author had to little trust in you :wink: