[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaand ScottSmith of Johns Hopkins)
Jonathan S. Shapiro
Wed, 24 Jan 2001 17:40:24 -0500
> > There really is a valid argument for some form of ACL here.
> I disagree that ACLs are needed for selective revocation. One way is to
> have a system that gives you the ability to clone a capability. Then you
> can selectively revoke a single clone and leave the others alone
I believe that you just re-invented ACLs. You simply attached the tags to
capabilities rather than to processes. Also, note that your solution
violates the desired pass-through property.