[cap-talk] More Heresey: ACLs not inherently bad
John Carlson
john.carlson3 at sbcglobal.net
Wed Sep 10 09:56:35 CDT 2008
On Sep 10, 2008, at 3:30 AM, Jonathan S. Shapiro wrote:
> On Tue, 2008-09-09 at 20:30 -0700, Charles Landau wrote:
>> Jed Donnelley wrote:
>>> Sorry - I was clear on that. I shouldn't have included the leaf
>>> object in the above <> (see below as to what I was thinking). What
>>> I don't understand is how such a directory-like object distinguishes
>>> between a fetch by the "new process" from a fetch by some other
>>> process (old process). Are you imagining some Horton-like mechanism
>>> where the relevant processes get different capabilities to the
>>> directory-like object so that the directory-like object can
>>> distinguish the fetches?
>>
>> Each time you pass a different set of capabilities to a process, you
>> construct a new directory-like object that will give access to that set.
>> So in general, different processes will receive capabilities to
>> different directory-like objects. It needn't use Horton.
>
> This is precisely the operation that is both performance prohibitive and
> (human) complexity prohibitive. It will turn out that humans can't make
> the necessary decisions to decide what goes in to those directories.
Perhaps the directory could be created based on a search? What
determines what can be searched, and does searching require ambient
authority?
John