the cost of complexity (was: Re: [E-Lang] Java 2
"Security" (was: Re: Welcome ChrisSkalkaand ScottSmith of Johns
Mark S. Miller
Wed, 24 Jan 2001 08:21:51 -0800
At 07:50 AM Wednesday 1/24/01, Jonathan S. Shapiro wrote:
>may feel that ACLs are a bad protection model, but it is inarguable that we
>can specify their behavior and enforce the specification.
As you know, and I believe agree with,
http://www.erights.org/elib/capability/conspire.html disputes that the ACL
security model can be enforced.
Of the subset of ACLs that can be enforced, the only part of that subset not
expressible in capabilities that's been identified is the one Ralph Hartley
pointed out, also explained on that page.