[cap-talk] The ACL model is incomplete
David-Sarah Hopwood
david-sarah at jacaranda.org
Fri Apr 16 09:20:41 PDT 2010
Karp, Alan H wrote:
> In my discussions with US Department of Defense folks, I've been saying that the
> access control list model is incomplete because it doesn't include a mechanism
> for modifying the ACL.
To be precise about that you would have to say which formalization of the
ACL model you're talking about. For example, Lampson's Access Matrix model,
despite all its other flaws, does have a 'control' right allowing changes to
the ACL within the model.
> Updating the ACL requires stepping outside the model by
> introducing the concepts of "administrator" and "owner."
I don't think this is a particularly cogent criticism of real-world systems,
which always do have some way to update ACLs. It is a criticism of the
applicability of some formalizations of the ACL model to real systems.
In any case, more important is the fact that the administrator or owner
becomes a bottleneck in allowing sharing.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20100416/ffd0045c/attachment.bin
More information about the cap-talk
mailing list