[cap-talk] Sharing of credentials
David Hopwood
david.hopwood at industrial-designers.co.uk
Tue Jan 29 23:36:58 EST 2008
Karp, Alan H wrote:
> ross mcginnis wrote:
>> Comparing the above cap cases with identity based control- 4
>> possible access cases for using identity based control:
> (snip)
>> 3) is perfect
>> 4) is perfect
>>
> They are not perfect if users can share credentials, which is a serious
> problem for ACL systems.
We should explain why it is more of a problem for ACL systems:
it is because these systems make delegation too difficult, and so
users *need* to share credentials in situations where they wouldn't
need to in a system where delegation is easy.
--
David Hopwood
More information about the cap-talk
mailing list