[cap-talk] automatic policy embodiment and enforcement - hope?
David Wagner
daw at cs.berkeley.edu
Wed Sep 22 16:08:53 EDT 2004
Jonathan Shapiro writes:
>On Tue, 2004-09-21 at 21:58, David Wagner wrote:
>> From talking to
>> old-timers in the security community, the consensus (at least inside
>> the security community) seems to be that capabilities were tried, they
>> allowed more fine-grained access control, but this finer granularity
>> was too hard to manage. As I've heard others describe it, the feeling
>> seems to be that any other method of fine-grained access control would
>> probably have had similar advantages and disadvantages.
>
>You should be skeptical of this alleged consensus. In my experience, it
>is articulated by people who have no direct knowledge of older
>capability systems, but have heard this pearl of wisdom from other
>people. There are a hoard of counter-examples to this statement, and
>when reminded of the counter examples, the speakers suddenly admit that
>they are generalizing from a sample set of size zero.
Ok. For my information, can you point me to some of these counter-examples?
More information about the cap-talk
mailing list