[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)

David Wagner daw@mozart.cs.berkeley.edu
27 Jan 2001 01:15:21 GMT


Jonathan S. Shapiro wrote:
>It's a perfectly okay design, but it isn't an ACL system
>anymore. It also, in practice, is an infeasible design.

Well, ok, what shall we call it?  I'll try to adapt to whatever
nomenclature you prefer. [1]

But what's of much more interest to me than semantics is a technical
question: What's the matter with designs that combine ACLs and
delegation?  For instance, what's broken about my proposal?

(I wasn't suggesting dynamic introduction of principals, so that's not
the problem.)

I'm very interested to learn what makes it infeasible.  Maybe this will
help me to better understand the feeling on this list that ACL systems
are broken and capabilities are the right way to go.

Regards,
-- David


[1] By the way, if an eventual goal of this list is to be an advocate
for capabilities systems, it occurs to me that this might be a barrier
for outsiders trying to appreciate the contributions of this list.
I don't know; maybe I'm the only one to find this confusing...