[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)

David Wagner daw@mozart.cs.berkeley.edu
27 Jan 2001 00:33:31 GMT


Ben Laurie wrote:
>David Wagner wrote:
>> >> There's nothing about ACL's that forces you to do all-or-nothing
>> >> delegation.
>
>I had a feeling you meant this, and it is only just not all-or-nothing.
>In particular, there's a relatively small (in comparison to the number
>of files on a system) number of groups, and only root can change group
>membership! So, in order to allow users to actually use this facility, I
>have to give them root. Nice!

But it's totally obvious to see how to modify this example to
build an ACL system which allows delegation that is as fine-grained
as you like.  Sure, Unix delegation isn't as flexible or fine-grained
as you might like, but I said that right from the start.  And if
you want more flexibility, you can achieve it within the ACL framework.

I'm not claiming that *all* ACL systems allow wonderful delegation
properties.  I'm just claiming that if you want super delegation,
there's no reason you can't build it into an ACL system.  To show
the latter, it suffices that *one* example meets the criteria.

If ability to delegate privileges is your only criterion, there's
no reason why you can't use an ACL system instead of a capabilities
system.
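
A minimal sketch of the kind of ACL system the message argues is possible, added here as an illustration and not taken from the thread: each object carries its own ACL, and a per-object `grant` right lets a holder add entries for other principals without an administrator. The class, the `grant` right and the principal names are assumptions made for the example.

```python
# Added illustration: a toy per-object ACL with a delegable "grant" right.
# All names here (AclObject, GRANT, alice/bob/carol) are hypothetical.

GRANT = "grant"  # holder may add ACL entries for others, limited to rights it holds


class AclObject:
    def __init__(self, owner, rights):
        # The owner starts with every right on this one object, plus GRANT.
        self.acl = {owner: set(rights) | {GRANT}}

    def check(self, principal, right):
        """Classic ACL lookup: is `right` listed for `principal` on this object?"""
        return right in self.acl.get(principal, set())

    def delegate(self, grantor, grantee, rights):
        """Grantor adds an entry for grantee; no administrator is involved."""
        rights = set(rights)
        held = self.acl.get(grantor, set())
        if GRANT not in held:
            raise PermissionError(f"{grantor} may not delegate on this object")
        if not rights <= held:
            raise PermissionError(f"{grantor} cannot delegate rights it lacks")
        self.acl.setdefault(grantee, set()).update(rights)


def demo():
    report = AclObject("alice", {"read", "write"})
    report.delegate("alice", "bob", {"read"})      # read only, not re-delegable
    results = {
        "bob_read": report.check("bob", "read"),
        "bob_write": report.check("bob", "write"),
    }
    try:
        report.delegate("bob", "carol", {"read"})  # bob holds no GRANT yet
        results["bob_redelegated"] = True
    except PermissionError:
        results["bob_redelegated"] = False
    report.delegate("alice", "bob", {GRANT})       # alice opts in to re-delegation
    report.delegate("bob", "carol", {"read"})      # now allowed, still read only
    results["carol_read"] = report.check("carol", "read")
    results["carol_write"] = report.check("carol", "write")
    return results


if __name__ == "__main__":
    print(demo())
```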