Re: [w3ctag/design-reviews] Realms API ECMAScript Proposal (#542)

Hi TAG,

I wanted to let you know I've posted a proposed modification to the realms proposal at https://github.com/tc39/proposal-realms/issues/289 which addresses some, but not all, of my concerns. As I said there,

> I'm optimistic that this proposal removes the most dangerous feature of realms, which is that they advertise themselves as an encapsulation mechanism, but it is extremely easy to shoot oneself in the foot and break encapsulation. This encapsulated-by-default proposal would bring realms onto the same footing as other encapsulation proposals such as trusted types or private fields, and thus make it more congruent with web platform goals.
>
> There still remains a danger with people over-using realms when they need security or performance isolation, beyond just encapsulation. This still weighs heavily on me, and its conflict with the direction the web is going (per https://github.com/tc39/proposal-realms/issues/238) makes me still prefer not providing a realms API at all, in order to avoid such abuse. But I recognize there are cases where synchronous access to another computation environment is valuable, and I think if we curtailed the footgun-by-default nature of realms by prohibiting direct cross-realm object access, I could make peace with the proposal.

The Chromium project would be interested in TAG's take on how to weigh these three alternatives: the current realms proposal, my proposed middle ground of an isolated version with sync message passing, and my preferred version of no realms API.

Thanks for your time!

-- 
View the comment on GitHub:
https://github.com/w3ctag/design-reviews/issues/542#issuecomment-764011854

Received on Wednesday, 20 January 2021 23:06:25 UTC