[cap-talk] Capabilities and ACLs in Spring?
Venkatesh Srinivas
me at acm.jhu.edu
Sun Apr 6 02:37:18 CDT 2008
Hi,
In the Spring System (from Sun), Objects can be named by capabilities;
however, objects also have an ACL.
The example in "An Overview of the Spring System" - there is an object
whose ACL includes domain C but does include domain D; C can use the
object freely, synthesize a cap to it, and hand it off to D. C can only
synthesize caps with less authority than it has in the object's ACL. D
can only use the object once it has a cap.
Is there any good reason for this model? Any reason why Spring adopted
it?
Thanks,
--vs
More information about the cap-talk
mailing list