[E-Lang] Proxies in an ACL system

Ben Laurie ben@algroup.co.uk
Fri, 02 Feb 2001 19:49:23 +0000

David Wagner wrote:
> Ben Laurie  wrote:
> >So the daemon can do anything Alice is allowed to do? That's a rather
> >wider authority than was intended, surely?
> Good point!  I agree: it'd be much better if you could just enable
> the privilege needed to access the single object of interest, and
> nothing else.  (Principle of Least Privilege)
> Java does include some mechanisms to provide this type of functionality
> (the enablePrivilege() API), but this limitation will be present in
> a vanilla ACL system.  Thanks for pointing that out.

This is, of course, key to the whole capabilities thing.




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff