[cap-talk] More Heresey: ACLs not inherently bad
Sandro Magi
naasking at higherlogics.com
Sun Aug 31 09:37:40 CDT 2008
Note that securable ACL systems and their relationships with capabilities has been discussed many times before on cap-talk, in particular as applies to systems with private namespaces. Eric Raymond started a discussion in 2002 which is similar to what Shap proposes below, regarding namespaces and Plan 9 [1]. The whole thread is interesting, as it hashes out many problems with UNIX semantics and private namespaces.
This also isn't the first time Shap has proposed this particular ACL heresy either [2]. ;-)
Sandro
[1] Saving the Unix API, http://www.eros-os.org/pipermail/cap-talk/2002-February/000645.html
[2] Can't for the life of me find his post proposing that ACLs and namespace management might be preferable to capabilities, but it predated the Coyotos work, and followed this article in which Shap reviewed EROS vs ACLs/Unix: http://eros-os.org/design-notes/ReviewingWhereWeStand.html
-------- Original Message --------
> From: "Jonathan S. Shapiro" <shap at eros-os.com>
> Sent: Saturday, August 30, 2008 11:55 AM
> To: cap-talk <cap-talk at mail.eros-os.org>
> Subject: [cap-talk] More Heresey: ACLs not inherently bad
>
> Since nobody responded to my heretical challenge about confused deputy,
> let me see if I can stir up some more controversy: principal-based
> authority systems are not inherently bad.
> [...]
More information about the cap-talk
mailing list