[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith
of Johns Hopkins)
1 Feb 2001 06:13:25 GMT
Jonathan S. Shapiro wrote:
>David Wagner wrote:
>> There's nothing about ACL's that forces you to do all-or-nothing
>In fact, if you look at Lampson's paper "Protection", you'll find that
>there is no operation permitting you to do that at all.
Actually, there is! See the copy flag (marked with an asterisk).
If subject S has access A to object O, and the access is marked with
the copy flag, then S can give away access A to O to any other subject
S' she likes. For example, if A is the `read' flag, this allows S to
give away read access to a file she owns without giving away write access.
See Figure 1 of his paper.
This copy flag stuff seems a bit baroque today to my eyes, but provision
was already there in the original Lampson paper for delegation.
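
The copy-flag rule described in the message above, as a small added model (not code from the post or from Lampson's paper). The class and method names, the subjects S2 and S3, and the `with_copy` option controlling whether the receiver's copy is itself copyable are assumptions of this sketch.

```python
class AccessMatrix:
    """Toy access matrix: (subject, object) -> {access: copy_flag}."""

    def __init__(self):
        self._cells = {}

    def set_access(self, subject, obj, access, copy=False):
        """Initial setup of a cell; this is outside the transfer rule."""
        self._cells.setdefault((subject, obj), {})[access] = copy

    def has(self, subject, obj, access):
        return access in self._cells.get((subject, obj), {})

    def can_copy(self, subject, obj, access):
        return self._cells.get((subject, obj), {}).get(access, False)

    def give(self, giver, receiver, obj, access, with_copy=False):
        """Transfer rule: the giver must hold `access` to `obj` marked with
        the copy flag. Passing the flag along (with_copy) is an assumption."""
        if not self.can_copy(giver, obj, access):
            raise PermissionError(f"{giver} has no copyable {access!r} on {obj}")
        cell = self._cells.setdefault((receiver, obj), {})
        # Never downgrade a copy flag the receiver already holds.
        cell[access] = cell.get(access, False) or with_copy


def demo():
    """Constructed scenario: S owns a file with read* (copyable) and write."""
    m = AccessMatrix()
    m.set_access("S", "file", "read", copy=True)    # read*, the asterisk
    m.set_access("S", "file", "write", copy=False)  # write, no asterisk
    m.give("S", "S2", "file", "read")               # delegate read only
    out = {"S2_read": m.has("S2", "file", "read"),
           "S2_write": m.has("S2", "file", "write")}
    for label, args in (("S_gives_write", ("S", "S2", "file", "write")),
                        ("S2_regives_read", ("S2", "S3", "file", "read"))):
        try:
            m.give(*args)
            out[label] = True
        except PermissionError:
            out[label] = False   # refused: no copy flag on that access
    return out


if __name__ == "__main__":
    print(demo())
```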