[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaand ScottSmith of Johns Hopkins)

Karp, Alan alan_karp@hp.com
Thu, 25 Jan 2001 15:34:25 -0800

> -----Original Message-----
> From: Jonathan S. Shapiro [mailto:shap@eros-os.org]
> Sent: Wednesday, January 24, 2001 3:10 PM
> To: Mark S. Miller
> Cc: Karp, Alan; Jonathan S. Shapiro; Ben Laurie; David Wagner; e-lang@eros-os.org
> Subject: Re: [E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaand ScottSmith of Johns Hopkins)
> > If you believe this is a reinvention of ACLs, I believe we desperately need
> > to see your definition of ACLs.  I can't for the life of me reconcile what
> > you seem to be saying here with anything else I believe you to believe.
> > (Well, maybe with some things, but not any regarding security.)
>
> Actually, I spoke imprecisely. Moving the tags to the capabilities is a
> significant and potentially interesting change.
> However, they are NOT just relabeled capability systems, because the
> capabilities in question can be very selectively revoked. Ultimately, the
> problem here is that you don't care about the capability per se. You care
> about the wielder.

Absolutely not.  I care about the party I gave the capability to, not the
wielder.  That is an essential difference.  Someone I never heard of can get
a privilege from someone else.  That's a good thing, since I don't have to
manage large ACLs.  If I don't like the way the capability is being handled,
I revoke it.  I only have to track the capability, or at worst the user I
gave it to.

> Jonathan

Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278
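
An added illustration of the model described in the reply above; it is not part of the original message and not code from any participant or from E. It assumes a revocable-forwarder design, and every name in it (makeLog, makeIssuer, the grantee labels) is hypothetical. The owner's bookkeeping lists only the parties it granted to, yet revoking one grant also cuts off a delegate the owner never tracked.

```javascript
// Added illustration; every name here is hypothetical, not from the thread.
// The protected resource: an append-only log held by the owner.
function makeLog() {
  const entries = [];
  return Object.freeze({
    append: (line) => { entries.push(line); return entries.length; },
    read: () => entries.slice(),
  });
}

// Owner-side issuer: one revocable forwarder per party the owner grants to.
// Bookkeeping is keyed by that grantee, never by whoever ends up wielding it.
function makeIssuer(target) {
  const grants = new Map(); // grantee -> function that cuts the forwarder
  function grant(grantee) {
    if (grants.has(grantee)) revoke(grantee); // a re-grant cuts the earlier forwarder
    let live = target;
    const use = () => {
      if (live === null) throw new Error(`capability given to ${grantee} is revoked`);
      return live;
    };
    grants.set(grantee, () => { live = null; });
    return Object.freeze({
      append: (line) => use().append(line),
      read: () => use().read(),
    });
  }
  function revoke(grantee) {
    const cut = grants.get(grantee);
    if (!cut) return false; // nothing outstanding for this grantee
    cut();
    return grants.delete(grantee);
  }
  return Object.freeze({ grant, revoke, tracked: () => [...grants.keys()] });
}

function demo() {
  const log = makeLog();
  const owner = makeIssuer(log);
  const aliceCap = owner.grant('alice');
  const bobCap = owner.grant('bob');
  const strangerCap = aliceCap; // alice delegates to a party the owner never heard of
  strangerCap.append('written by a delegate of alice');
  owner.revoke('alice'); // owner dislikes how alice's capability is being handled
  let strangerBlocked = false;
  try { strangerCap.append('after revoke'); } catch (e) { strangerBlocked = true; }
  bobCap.append('bob is unaffected');
  return { strangerBlocked, entries: log.read(), tracked: owner.tracked() };
}
```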