[E-Lang] Java 2 "Security" (was: Re: Welcome ChrisSkalkaand ScottSmith of Johns Hopkins)

Karp, Alan alan_karp@hp.com
Tue, 23 Jan 2001 10:46:45 -0800

I've become confused by the various uses of the word "security" on this
thread.  I like to make a distinction between "access control mechanism" and
"security".  I take the former as the means used to decide whether or not to
honor a particular request, normally based on some set of credentials that
accompany the request.  In my lexicon, "security" is the way to determine
who gets what credentials.

I like capabilities as an access control mechansism because checking the
validity of a capability is a simple fact on which to base an access
decision.  On the other hand, I believe that ACLs are an excellent way to
associate access rights with individuals.  

The current e-speak implementation makes exactly this distinction.
"Identity certificates" are associated with individuals.  They are presented
to authorities that return "Attribute certificates" (I don't make the names;
I just report them.) that are treated as capabilities.

Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278