You can't retcon safe composability onto a software system.

Bits and Bobs 3/18/24

Composability is what allows building blocks to nest within each other to create a whole larger than the sum of its parts.

Composability can be a dangerous operation when the components are untrusted.

The lower the friction, the more dangerous the composition can be in a naive system.

You cannot simply retcon safe, low-friction composability onto a system after the fact.

I've talked to a number of very smart folks building frameworks for 3P agents to cooperate.

I asked them how their security model worked to allow untrusted 3P agents to participate.

They told me "oh we'll figure that out later".

To which I replied, "...no you won't!"

The only way to have a system with safe, low-friction composition is for it to have that property from the beginning and then never lose it as you grow and extend the system.

The web has maintained a security model of "clicking a link should never be directly dangerous" and "same-origin isolation" since the beginning, allowing safe composition.

App frameworks don't have any similar general-purpose primitive.
