[cap-talk] More Heresey: ACLs not inherently bad
Jonathan S. Shapiro
shap at eros-os.com
Thu Sep 18 15:31:05 CDT 2008
On Thu, 2008-09-18 at 16:27 -0400, Sandro Magi wrote:
> If you mean group membership, one way is via an interface exposed by a
> distinguished facet(s). You didn't place any requirements on group
> management other than being able to manage it (ie. no requirements on
> being able to manage groups of people that manage groups, although
> that's likely desirable). We can just use these same ACLs if you want to
> manage the managers as users and groups.
The tricky bit here is that if we overload user identity onto the
protected payload field, we introduce a requirement that many services
coordinate their use of protected payloads. In consequence, we don't (in
practice) have that field available to distinguish multiple interfaces
or permission differentiations.
sha
More information about the cap-talk
mailing list