[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaand ScottSmith of Johns Hopkins)

Jonathan S. Shapiro shap@eros-os.org
Wed, 24 Jan 2001 17:40:24 -0500

> > There really is a valid argument for some form of ACL here.
> I disagree that ACLs are needed for selective revocation.  One way is to
> have a system that gives you the ability to clone a capability.  Then you
> can selectively revoke a single clone and leave the others alone

I believe that you just re-invented ACLs. You simply attached the tags to
capabilities rather than to processes. Also, note that your solution
violates the desired pass-through property.