Patterns of Access Control

I claim that there are today two widely understood paradigms of access control: Today both Apple and Android promulgate sandbox ideas that extend limitations on access, but I can find no coherent description of either.

I claim here that the first is good and the second is bad. Two language scopes are either disjoint or one is nested within the other. I very much like this rule when I write programs, but it has no analog in the more general paradigm, and I do not miss it there. I think this has something to do with the fact that the language paradigm presumes that the code is finished before any data is introduced. Operating systems cannot assume this: they must hold data for programs yet unwritten.
Needs work.

Many seasoned computer experts are familiar with both paradigms and have not noticed that they are disparate solutions to the same problem. These people have an unconscious reflex to assume that if you do not enforce Unix-style permissions then you are insecure. If one paradigm is bad, why not expunge it when a better one is available?

Capabilities have been introduced in several platforms to control space and time as well, and with this extension the language-like ideas (capabilities) rule the world, or at least software platforms.

The perceptive reader may notice that I have not supported the claim that Unix-style permissions are bad; The Confused Deputy will have to suffice for today.
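As an added illustration of the two paradigms the essay contrasts (this is example code, not the author's, and its file names, principals and function names are constructed for the purpose), here is a toy file store built both ways. In the permission-checked version the deputy's write is checked against the deputy's own identity, so a caller who can merely name a file reaches a file it could not open itself, which is the shape of the Confused Deputy. In the capability version the argument is the permission: the deputy can write only where the caller could already write, and the nesting of scopes is irrelevant because the reference travels with the data.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# --- Paradigm 1: permissions keyed on the identity of whoever is acting
#     (ambient authority, as with Unix-style permissions).

@dataclass
class AclStore:
    """Files plus an access list: file name -> principals allowed to write it."""
    files: dict[str, str] = field(default_factory=dict)
    writers: dict[str, set[str]] = field(default_factory=dict)

    def write(self, principal: str, name: str, data: str) -> None:
        if principal not in self.writers.get(name, set()):
            raise PermissionError(f"{principal} may not write {name}")
        self.files[name] = data

def acl_deputy(store: AclStore, out_name: str, data: str) -> None:
    # The deputy runs with its own identity; the check consults the deputy's
    # rights, not those of the client who chose the output name.
    store.write("deputy", out_name, data)

def acl_client(store: AclStore) -> dict[str, str]:
    # Honest use: the client's own output file, written via the deputy.
    acl_deputy(store, "client_out", "result")
    # The client has no write right on "billing", so a direct write is refused.
    try:
        store.write("client", "billing", "clobbered")
        direct = "allowed"
    except PermissionError:
        direct = "refused"
    # But the output name is only a string, and the deputy's authority covers
    # "billing": the deputy is confused into using its rights for the client.
    acl_deputy(store, "billing", "clobbered")
    return {"direct": direct, "billing": store.files["billing"]}

def run_acl_scenario() -> dict[str, str]:
    store = AclStore(files={"billing": "intact"},
                     writers={"billing": {"deputy"},
                              "client_out": {"deputy", "client"}})
    return acl_client(store)

# --- Paradigm 2: capabilities, where holding a reference is the permission.

class WriteCap:
    """Unforgeable reference granting write access to exactly one file."""
    def __init__(self, files: dict[str, str], name: str) -> None:
        self._files, self._name = files, name

    def write(self, data: str) -> None:
        self._files[self._name] = data

class CapStore:
    def __init__(self, files: dict[str, str]) -> None:
        self.files = files

    def grant_write(self, name: str) -> WriteCap:
        # Only whoever holds the store itself can mint a capability.
        return WriteCap(self.files, name)

def cap_deputy(out: WriteCap, data: str) -> None:
    # Writes wherever the caller's capability points, and nowhere else.
    out.write(data)

def cap_client(own_output: WriteCap) -> None:
    # The client holds one capability and can pass only that; there is no
    # string argument through which it could name "billing".
    cap_deputy(own_output, "result")

def run_cap_scenario() -> dict[str, str]:
    store = CapStore({"billing": "intact"})
    cap_client(store.grant_write("client_out"))  # all the client is ever given
    return {"client_out": store.files["client_out"],
            "billing": store.files["billing"]}

if __name__ == "__main__":
    print("ACL store:       ", run_acl_scenario())
    print("capability store:", run_cap_scenario())
```

The point of the contrast is not that the permission check is missing (it runs, and correctly refuses the client's direct write) but that it is made against the wrong principal; the capability version has no principal to confuse because the deputy never names a file on anyone's behalf.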