[cap-talk] caps tried and rejected for AMQP
Mark Miller
erights at gmail.com
Thu Oct 8 00:55:13 EDT 2009
On Wed, Oct 7, 2009 at 7:18 PM, David-Sarah Hopwood
<david-sarah at jacaranda.org> wrote:
> Zooko O'Whielacronx wrote:
>> Thanks to David Reid for bringing this to my attention.
>>
>> The developers of the popular open source AMQP broker named "RabbitMQ"
>> were asked to add access control. They explored ACLs and caps,
>> implemented trial versions of each, and then settled on ACLs. Here is
>> the write-up from one of them:
>>
>> http://hopper.squarespace.com/blog/2009/1/22/capabilities-for-messaging.html
>
> Disappointing to see another rejection of capabilities with no better
> technical justification than (paraphrasing only slightly)
> "it's too hard to change anything".
I notice near the end
"The actual capability checking code is minimal. Whilst it does not
use the real API directly, the proof-of-concept API is so similar to
the real API that a conversion would be trivial. Because of the
changes to the client, it was decided that ACLs were a more
appropriate choice for an access control mechanism."
Reading between the lines, this suggests to me that the author may be
gently disagreeing with the decision to use ACLs. If the changes would
indeed only have been trivial, was it a mistake to adopt ACLs merely
to avoid these trivial changes? Even if the changes would have been
technically trivial, would they have been politically non-trivial?
I have placed on the article a reference to this email thread, so
perhaps the author could comment.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the cap-talk
mailing list