[cap-talk] A better reference for the "capabilities propagate too easily" argument

Mark Miller erights at gmail.com
Thu Aug 2 09:37:19 EDT 2007


On 8/2/07, Toby Murray <toby.murray at comlab.ox.ac.uk> wrote:
> I agree that the S&S definition has the advantage that it distinguishes
> capabilities from ACLs. But I think there are better ways to phrase the
> superiority of caps over ACLs than via this definition.

That's a nice side benefit of S&S, but wasn't my point. My point is
that the categories, to be at all relevant to historical usage, must
categorize conventional ACLs as discretionary and MLS as mandatory.
S&S succeeds at this. Alan's might; we'll see. The definition that you
propose implies that any security mechanism whatsoever that ever
enforces anything, including conventional ACLs, implements mandatory
security (on the enforced party). History aside, I like your
definition. But history isn't aside.

-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM

