[cap-talk] "ACLs don't" paper rejected from Oakland 09
Karp, Alan H
alan.karp at hp.com
Sat Jan 31 16:10:21 EST 2009
Bill Frantz wrote:
>
> I think one of the reasons Alan is getting some traction with the Navy is
> that they are more interested in correctly implementing their policies than
> they are in following "best practice". As a result they are looking
> carefully at the policies they can implement using ACLs and finding ACLs
> lacking. They are willing to consider other approaches which can implement
> their policies.
>
Actually, the Navy is even more insistent on following best practice. Fortunately, I've been able to demonstrate that their implementations fail to meet their stated goals. The other trick is to parse very carefully the words in the standards they are mandated to use, which has allowed me to convince them that the new approach is consistent with the specified best practice. Having them come up with a use case that can't be done with the conventional approach helps, too.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list