[cap-talk] More Heresey: ACLs not inherently bad
Sandro Magi
smagi at higherlogics.com
Thu Sep 18 15:27:13 CDT 2008
Jonathan S. Shapiro wrote:
>> Right, I was assuming persistence ala EROS, where the leaves of the tree
>> repo tree are EROS File objects. Your requirements stipulated efficient
>> ACL-like control in a cap system. This approach provides efficient local
>> ACLs in EROS.
>>
>
> In spite of what I wrote above, I don't really think so. In particular,
> you haven't accounted for how the ACL groups are going to get maintained
> here.
If you mean group membership, one way is via an interface exposed by a
distinguished facet(s). You didn't place any requirements on group
management other than being able to manage it (i.e. no requirements on
being able to manage groups of people that manage groups, although
that's likely desirable). We can just use these same ACLs if you want to
manage the managers as users and groups.
Sandro
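
An added sketch of the arrangement described in the message above (not code from the post, from EROS, or from any participant): each group exposes a read-only membership facet for ACL entries and a distinguished admin facet for changing membership, and one group's admin facet is itself gated by another group's membership facet. All function names are hypothetical, and principals are assumed to be already-authenticated opaque tokens passed explicitly.

```python
# Added illustration. Every name below is hypothetical; none comes from EROS or the thread.
# Assumption: principals are opaque, already-authenticated tokens passed by the caller.

class Denied(Exception):
    pass

def make_group(managers=None):
    """Return (is_member, admin): two facets over one hidden member set.

    managers is the membership facet of the group allowed to use the admin
    facet. If None, holding the admin facet is itself the authority.
    """
    members = set()

    def is_member(principal):
        # Read-only facet: the only thing an ACL entry needs to hold.
        return principal in members

    def admin(caller, op, principal):
        # Distinguished facet: the only path that mutates membership.
        if managers is not None and not managers(caller):
            raise Denied(f"{caller} may not manage this group")
        if op == "add":
            members.add(principal)
        elif op == "remove":
            members.discard(principal)
        else:
            raise ValueError(f"unknown operation: {op}")

    return is_member, admin

def guard(target, acl):
    """Put an ACL of (is_member, allowed_ops) entries in front of target's operations."""
    def invoke(caller, op, *args):
        if any(op in ops and is_member(caller) for is_member, ops in acl):
            return target[op](*args)
        raise Denied(f"{caller} may not {op}")
    return invoke

def build_demo():
    """Constructed scenario: a managers group governs who may edit the devs group."""
    is_manager, manage_managers = make_group()             # bootstrap authority
    manage_managers("root", "add", "alice")
    is_dev, manage_devs = make_group(managers=is_manager)  # same mechanism, one level up
    manage_devs("alice", "add", "bob")
    store = {"data": "v1"}
    leaf = {"read": lambda: store["data"],
            "write": lambda value: store.update(data=value)}
    acl = [(is_dev, {"read", "write"}), (is_manager, {"read"})]
    return guard(leaf, acl), manage_devs
```

Revoking a member through the admin facet takes effect on the next guarded call, because the ACL holds the membership facet rather than a copy of the member list.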