[E-Lang] Proxies in an ACL system

David Wagner daw@mozart.cs.berkeley.edu
2 Feb 2001 16:13:58 GMT


Ben Laurie  wrote:
>So the daemon can do anything Alice is allowed to do? That's a rather
>wider authority than was intended, surely?

Good point!  I agree: it'd be much better if you could just enable
the privilege needed to access the single object of interest, and
nothing else.  (Principle of Least Privilege)

Java does include some mechanisms to provide this type of functionality
(the enablePrivilege() API), but this limitation will be present in
a vanilla ACL system.  Thanks for pointing that out.