In Move, functions can access arbitrary resources as long as they have access to public APIs that allow manipulating the resource. There are multiple problems with this, as discussed in the Motivation section. This AIP proposes an extension to the Move language that allows fine-grained access control of resources. This is achieved by generalizing the familiar acquires T declaration in Move in a downwards compatible way. The evaluation of the resulting access control discipline is primarily dynamic, but is intended to become static in the future. The dynamic-first approach is natural because the redundancy principle of the "paranoid" VM mode makes a dynamic check necessary anyway.
Goals
This AIP intends to achieve the following:
Have an organic extension of the Move language to support access control, which is fully downwards compatible
Enable new strategies for parallelization and sharding
Increase confidence in the effects of transactions and functions for users and auditors through access control declarations
Enable safe dynamic dispatch by making access control part of a type
AIP-56 - Resource Access Control