[cap-talk] Capabilities - the rub, an account

Karp, Alan H alan.karp at hp.com
Sat Nov 25 21:21:44 CST 2006

John McCabe-Dansted wrote:
> > "Considerable overhead", oh, lordy, yes.
> Editing an ACL takes less than a minute. Basically the overhead is in
> getting the attention of the sysadmin. Arguably, users should chat to
> the sysadmin before delegating non-trivial rights anyway, and the main
> problem here is the barriers to communication between the users and
> sysadmin rather than ACLs.
But it's unscalable.  The Open Group in their CDSA (Common Distributed
Systems Architecture???) states in Chapter 8 of "CDSA Explained" 

"However, straight ACL operation can put an administrative load on the
resource owner that can become excessive.  Therefore, we assume that
there are times when the administrator wants to do something better than
a straight ACL."

If there's something better than a straight ACL, why wouldn't the
administrator use it all the time?  Can you guess what that better
approach might be?

Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
