[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaand ScottSmith of Johns Hopkins)

[Jonathan S. Shapiro]

> > There really is a valid argument for some form of ACL here.
>
> I disagree that ACLs are needed for selective revocation.  One way is to
> have a system that gives you the ability to clone a capability.  Then you
> can selectively revoke a single clone and leave the others alone

I believe that you just re-invented ACLs. You simply attached the tags to
capabilities rather than to processes. Also, note that your solution
violates the desired pass-through property.

Jonathan