[E-Lang] Proxies in an ACL system
Fri, 02 Feb 2001 19:49:23 +0000
David Wagner wrote:
> Ben Laurie wrote:
> >So the daemon can do anything Alice is allowed to do? That's a rather
> >wider authority than was intended, surely?
> Good point! I agree: it'd be much better if you could just enable
> the privilege needed to access the single object of interest, and
> nothing else. (Principle of Least Privilege)
> Java does include some mechanisms to provide this type of functionality
> (the enablePrivilege() API), but this limitation will be present in
> a vanilla ACL system. Thanks for pointing that out.
This is, of course, key to the whole capabilities thing.
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
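
The point made in this exchange, as an added example that is not part of the original message or of any poster's code: a daemon that proxies by acting under Alice's identity can reach everything her ACL entries allow, while one handed a reference to a single object can reach only that object. The store, the principals and the file names are constructed for illustration, and the closure only models the reference graph, since Python does not enforce encapsulation.

```python
class ACLStore:
    """Constructed model: objects guarded by per-object ACLs keyed on principal."""

    def __init__(self):
        self._data = {}  # object name -> contents
        self._acl = {}   # object name -> principals allowed to read it

    def put(self, name, contents, readers):
        self._data[name] = contents
        self._acl[name] = set(readers)

    def read(self, principal, name):
        if principal not in self._acl.get(name, ()):
            raise PermissionError(f"{principal} may not read {name}")
        return self._data[name]

    def names(self):
        return sorted(self._data)

    def read_capability(self, principal, name):
        """Check the ACL once, then return a reference bound to one object."""
        self.read(principal, name)  # raises if the grantor lacks access
        return lambda: self._data[name]


def reachable_as(store, principal):
    """Authority of a daemon that proxies by acting under `principal`'s
    identity: every object that principal's ACL entries allow."""
    found = []
    for name in store.names():
        try:
            store.read(principal, name)
            found.append(name)
        except PermissionError:
            pass
    return found


def demo():
    store = ACLStore()
    store.put("report.txt", "Q1 numbers", readers={"alice"})
    store.put("diary.txt", "private", readers={"alice"})
    store.put("payroll.txt", "salaries", readers={"bob"})
    wide = reachable_as(store, "alice")              # identity-based proxy
    cap = store.read_capability("alice", "report.txt")
    return wide, cap()                               # capability: one object


if __name__ == "__main__":
    print(demo())
```
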