[cap-talk] ACLs: why not have them IN ADDITION to capabilities
David Hopwood
david.nospam.hopwood at blueyonder.co.uk
Sun Jul 30 19:06:13 EDT 2006
John Carlson wrote:
> Much is said on this list about the "evils" of ACLs.
I would just like to point out that the article this was in reply to said
nothing about ACLs. It was specifically about the ss- and *-properties, and
their use as challenge problems.
> But why can't
> we have them IN ADDITION to capabilities? Do they break the
> capability model in some way? What I am thinking the answer
> is that ACLs grant too much authority.
It is not surprising that they grant too much authority if they are
configured in advance of knowing what the least authority is, which is
usually the case in ACL systems.
--
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
More information about the cap-talk
mailing list