[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaand S
cottSmith of Johns Hopkins)
Thu, 25 Jan 2001 15:34:23 -0800
> -----Original Message-----
> From: Jonathan S. Shapiro [mailto:firstname.lastname@example.org]
> Sent: Wednesday, January 24, 2001 2:40 PM
> To: Karp, Alan; Jonathan S. Shapiro; Ben Laurie
> Cc: Mark S. Miller; David Wagner; email@example.com
> Subject: Re: [E-Lang] Java 2 "Security" (was: Re:
> ScottSmith of Johns Hopkins)
> > > There really is a valid argument for some form of ACL here.
> > I disagree that ACLs are needed for selective revocation.
> One way is to
> > have a system that gives you the ability to clone a
> capability. Then you
> > can selectively revoke a single clone and leave the others alone
> I believe that you just re-invented ACLs. You simply attached
> the tags to
> capabilities rather than to processes. Also, note that your solution
> violates the desired pass-through property.
It's still a capability because there is no identity attached to it. The
user who gets it can pass it on to others. Access rights are granted or not
based on the clone, not who presents it.
> e-lang mailing list
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278