Thoughts on droplets
Mon, 1 Nov 1999 19:42:03 -0500

> Is Domino implementing a capability system or an ACL system?

Primarily an ACL system.  You need to possess the correct URL (which
encodes the object within a database in a unique number), but access
decisions are based on ACL-style permissions.

>>+ It can be used to extend the web URL space to generalized object
>>identifiers (128 bits might be too small, but not because of security).
>If 128 bits isn't big enough for any other reason, then it probably isn't
>big enough for security.  If 128 bits is big enough to make a random
>collision infeasible, then what other problems might it have?

There are human and mechanical decoding efficiencies in using sparsely
populated spaces of densely populated clusters.  This has nothing at all to
do with security.  Think of it as wanting to prereserve a large enough pool
of names that you'll never have to grow the pool.

More on the rest of your question later.

Jonathan S. Shapiro, Ph. D.
IBM T.J. Watson Research Center
Phone: +1 914 784 7085  (Tieline: 863)
Fax: +1 914 784 7595