[cap-talk] SPAM-LOW: Re: Capabilities - the rub, an account

Stiegler, Marc D marc.d.stiegler at hp.com
Sun Nov 26 15:46:47 CST 2006


> > The typical cap response, is that you *can* do things like attach a 
> > revoking or logging proxy to the cap before passing it on. This 
> > response does not convince the ACL crowd that caps are as good or 
> > better than ACLs, nor do I believe that it should. We need 
> to convince 
> > them that  that innocent users *will not* pass rights the 
> obvious way.
> >   
> That decision doesn't necessarily need to be dictated at the 
> admin level though. Sometimes you want to pass a co-equal 
> capability, and sometimes you want a revocable version. In 
> the end, capabilities enable greater flexibility than you can 
> attain with ACLs, but it obviously comes with more danger.

I would have said, "it obviously comes with the same level of reliance
on personal responsibility and alignment of common purpose that all
other forms of cooperative sharing, from the telephone to the copy
machine to the post office, entail". 

Which is, I repeat again (can you get a sore throat from saying the same
thing over and over again in email? :-), the same level of reliance that
an acl system has in the presence of email. The difference with an acl
system is that it is not obvious, it it merely true.


More information about the cap-talk mailing list