[cap-talk] Architectural Choices: How to migrate from IBAC to OBAC = Object-Based Access Control?
Karp, Alan H
alan.karp at hp.com
Wed Nov 14 18:15:22 EST 2007
> Referring to Capability-Based Access Control
> as "Authorization-Based Access Control" makes
> no sense to me.
A capability is an authorization, but an authorization is not
necessarily a capability. For example, while we use SAML certificates
as capabilities in our Zebra Copy paper, not every implementation will.
The application API might take a filename as an argument, so the
programmers will pass the SAML certificate authorizing access in another
part of the SOAP message. That's weaker but better than relying on
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
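An added example, not part of the message above or of the Zebra Copy paper: it contrasts an API whose only argument is the authorization itself (capability style) with an API that takes a filename and receives the authorization in a separate field, where the service must remember to check that the two match. The HMAC token standing in for a SAML certificate, the key, the file names and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed issuer key (assumption)
FILES = {"report.txt": "q3 numbers", "payroll.txt": "salaries"}  # constructed data

def issue(resource, right):
    """Issue a signed authorization; an HMAC token stands in for a SAML certificate."""
    claims = json.dumps({"res": resource, "right": right}).encode()
    body = base64.urlsafe_b64encode(claims)
    sig = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + sig

def verify(token):
    """Return the signed claims, or None if the signature does not check."""
    body, _, sig = token.partition(b".")
    good = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, good):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def read_capability(token):
    """Capability style: the token is the only argument and names the object."""
    claims = verify(token)
    if claims is None or claims["right"] != "read":
        raise PermissionError("invalid capability")
    return FILES[claims["res"]]

def read_split_unbound(filename, token):
    """Filename in the API, authorization in another field, binding check forgotten."""
    claims = verify(token)
    if claims is None or claims["right"] != "read":
        raise PermissionError("invalid authorization")
    return FILES[filename]  # defect: filename is never compared with claims["res"]

def read_split_bound(filename, token):
    """Same API, with the check that the authorization covers the named file."""
    claims = verify(token)
    if claims is None or claims["right"] != "read" or claims["res"] != filename:
        raise PermissionError("authorization does not cover " + filename)
    return FILES[filename]
```

In the capability form there is no second designator to get out of step with the authorization; in the split form the match between filename and authorization exists only if the service code enforces it.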