[cap-talk] Persistence as a cap value
James A. Donald
jamesd at echeque.com
Wed Mar 12 20:30:36 EDT 2008
Jed Donnelley wrote:
> I think for me the main issue is that of how access is
> delegated. When I refer to access in the previous
> sentence I mean persistent access - that is, not a
> form of access that will be reset on a system reboot
> or any other sort of non explicit means. A means of
> delegation that can be counted on as a "permanent"
> (only changed by intent) form of access control
> management.
Persistent capabilities are bad. They are too valuable,
therefore need too much protection, too much management,
and your mother is not going to provide the necessary
management any more than she does for ACLs. We should
therefore always seeks ways of doing things that do not
require persistent capabilities.
More information about the cap-talk
mailing list