[cap-talk] More Heresey: ACLs not inherently bad

[Sandro Magi]

Jed Donnelley wrote:
> An unworkable way to go - if I'm understanding it right.  With such
> a mechanism every time there is a request, one of these "ACL key"s must
> go along to authorize access. 

It's only required for an "initial authentication" step. From then on
you have the choice as to whether to use ACLs or just caps depending on
what's appropriate, and the underlying system still operates via caps.
Also, the ACLs are isolated to a particular subsystem, and use of caps
is encouraged since the "useless" ACL parameter must be passed around
for every call. If a solution cries out for ACL-type access control, I
think that's a fair trade off.

Sandro