[cap-talk] Bee Eyes (was: "ACLs don't" paper rejected from Oakland 09)
Jed Donnelley
capability at webstart.com
Thu Feb 5 02:42:20 EST 2009
At 08:41 AM 2/2/2009, Mark Miller wrote:
>On Mon, Feb 2, 2009 at 1:51 AM, Matej Kosik
><<mailto:kosik at fiit.stuba.sk>kosik at fiit.stuba.sk> wrote:
>If we compare ACLs to faceted eye of a bee
>and capabilities to the eye we ourselves use...
>
>...The computer field already has trillions invested in the bee eye.
>If we can't find an incremental evolutionary path from the status
>quo towards capabilities, where both can co-exist during the
>transition, then I doubt there will be any transition. On the web
>especially, the entire game is finding incremental adoption paths.
>
>I will take this opportunity to re-raise the topic of so-called
>"hybrid capability systems" (HCS)...
I believe it's true that we can transition without the need for
hybrid systems. We can 'simply' have some capability systems (e.g.
Web keys) along side some ACL based systems (e.g. traditional user
logins for Web sites). I don't see why we can't transition by using
more and more capabilities when needed (e.g. in mash-ups) and leave
ACL systems to fade away in local obscurity (since ACL access
controls are only valid as far as their principals are known) while
capabilities become more widely used as being usable more globally
and without the need for widespread registering of
names/identities. It seems to me that this is already happening to
some extent. The quicker the better from my perspective.
To me it's a bit like Unix access controls. At one point they were
quite important and a primary form of access control. They are still
used of course (every day by me ...), but only locally on individual
Unix systems. For more widespread forms of authority distribution
mechanisms with better communication facilities (e.g. more
capability-like systems, e.g. GPG keys) are needed and used. It
seems to me that this trend could continue without a need for any (or
any significant/integrated) hybrid systems.
Incidentally, have any others seen this:
http://neil.brown.name/blog/20041206170240
(speaking of Unix access controls). I find it interested in being a
more or less first principles effort to "reform" Unix access
controls. Doesn't exactly result in object/capabilities, but it
seems to me that what he is looking for can be achieved with
object/capabilities.
I find the above interesting somewhat because it shows up second in a
Google search for "unix access control".
--Jed http://www.webstart.com/jed-signature.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.eros-os.org/pipermail/cap-talk/attachments/20090205/1c5fc11d/attachment.html
More information about the cap-talk
mailing list