[cap-talk] CapDesk demo, capability demos in general
Jed Donnelley
capability at webstart.com
Mon Oct 8 11:43:33 EDT 2007
At 01:12 AM 10/8/2007, Jonathan S. Shapiro wrote:
>...
>
>In my opinion, there are serious risks with both ACL and capability
>designs. The main practical advantages that I see in capability systems
>are the ability to front-end (virtualize) authorities, POLA, and the
>relative difficulty for hostile code to transmit them promiscuously. The
>main practical advantage I see in ACL systems is auditability.
Do you see that auditability advantage of ACL systems as a facility
that can't be achieved with capability system through a mechanism
like Horton? If so, I'd be interested to hear what about a
more traditional ACL solution the Horton identity mechanism based
on pure object capabilities can't achieve.
--Jed http://www.webstart.com/jed-signature.html
More information about the cap-talk
mailing list