[cap-talk] "ACLs don't" paper rejected from Oakland 09

[Bill Frantz]

daw at cs.berkeley.edu (David Wagner) on Saturday, January 31, 2009 wrote:

>I suspect the reason why many current systems are built using ACLs is
>not because of a failure to publish a disproof of the equivalence claim.
>I suspect that the reason why many new systems rolled out today use ACLs
>is inertia: systems builders are familiar with the ACLs approach and feel
>comfortable with it; legacy systems they need to integrate with use ACLs;
>and users have become accustomed to ACL systems.  All of these factors
>make it difficult to swim against the stream.

Another reason current systems are built using ACLs is that the commercial
requirement isn't that the system be secure, the requirement is that the
system follow best security practices. ACLs are current best practice. If
you use a different, less familiar, model, you have a higher risk under the
"best practices" test.

I think one of the reasons Alan is getting some traction with the Navy is
that they are more interested in correctly implementing their policies than
they are in following "best practice". As a result they are looking
carefully at the policies they can implement using ACLs and finding ACLs
lacking. They are willing to consider other approaches which can implement
their policies.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | There are also no libertar-  | Periwinkle
(408)356-8506      | ians in financial crises.    | 16345 Englewood Ave
www.pwpconsult.com |               - Jeff Frankel | Los Gatos, CA 95032