[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaand
ScottSmith of Johns Hopkins)
Thu, 25 Jan 2001 15:34:25 -0800
> -----Original Message-----
> From: Jonathan S. Shapiro [mailto:email@example.com]
> Sent: Wednesday, January 24, 2001 3:10 PM
> To: Mark S. Miller
> Cc: Karp, Alan; Jonathan S. Shapiro; Ben Laurie; David Wagner;
> Subject: Re: [E-Lang] Java 2 "Security" (was: Re:
> ScottSmith of Johns Hopkins)
> > If you believe this is a reinvention of ACLs, I believe we
> > to see your definition of ACLs. I can't for the life of me
> reconcile what
> > you seem to be saying here with anything else I believe you
> to believe.
> > (Well, maybe with some things, but not any regarding security.)
> Actually, I spoke imprecisely. Moving the tags to the
> capabilities is a
> significant and potentially interesting change.
> However, they are NOT just relabeled capability systems, because the
> capabilities in question can be very selectively revoked.
> Ultimately, the
> problem here is that you don't care about the capability per
> se. You care
> about the wielder.
Absolutely not. I care about the party I gave the capability to, not the
wielder. That is an essential difference. Someone I never heard of can get
a privilege from someone else. That's a good thing, since I don't have to
manage large ACLs. If I don't like the way the capability is being handled,
I revoke it. I only have to track the capability, or at worst the user I
gave it to.
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278