[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaand
ScottSmith of Johns Hopkins)
Karp, Alan
alan_karp@hp.com
Thu, 25 Jan 2001 15:34:25 -0800
> -----Original Message-----
> From: Jonathan S. Shapiro [mailto:shap@eros-os.org]
> Sent: Wednesday, January 24, 2001 3:10 PM
> To: Mark S. Miller
> Cc: Karp, Alan; Jonathan S. Shapiro; Ben Laurie; David Wagner;
> e-lang@eros-os.org
> Subject: Re: [E-Lang] Java 2 "Security" (was: Re:
> WelcomeChrisSkalkaand
> ScottSmith of Johns Hopkins)
>
>
> > If you believe this is a reinvention of ACLs, I believe we
> desperately
> need
> > to see your definition of ACLs. I can't for the life of me
> reconcile what
> > you seem to be saying here with anything else I believe you
> to believe.
> > (Well, maybe with some things, but not any regarding security.)
>
> Actually, I spoke imprecisely. Moving the tags to the
> capabilities is a
> significant and potentially interesting change.
>
> However, they are NOT just relabeled capability systems, because the
> capabilities in question can be very selectively revoked.
> Ultimately, the
> problem here is that you don't care about the capability per
> se. You care
> about the wielder.
Absolutely not. I care about the party I gave the capability to, not the
wielder. That is an essential difference. Someone I never heard of can get
a privilege from someone else. That's a good thing, since I don't have to
manage large ACLs. If I don't like the way the capability is being handled,
I revoke it. I only have to track the capability, or at worst the user I
gave it to.
>
> Jonathan
>
_________________________
Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/