[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaandScottSmith of Johns Hopkins)

Nikita Borisov nikitab@cs.berkeley.edu
31 Jan 2001 20:17:33 GMT

In article <000401c08860$e15d4d00$763adbd5@skin.oilspace.com>,
Tyler Close <tclose@oilspace.com> wrote:
>David Wagner wrote:
>> But what's of much more interest to me than semantics is a technical
>> question: What's the matter with designs that combine ACL's and
>> delegation?  For instance, what's broken about my proposal?
>Your proposal, as I understand it, is to invert the capability model,
>so that all access authorities are held in a central database, as
>opposed to being held by the subjects. 

In an ACL system, the ACLs are held by the objects, and not in a central

>Although not stated, I assume that your design also requires that all
>accesses of Bob must be preceded by some sort of system "authorize()"
>method call, like:
>	authorize(carol_id, bob_id);

This is not typically the case in an ACL system; instead, each access is
checked by a reference monitor which verifies that Bob's ACL includes
Carol.  There's no need to explicitly authorize access.

Both of the details that you suggest (and then proceed to find fault
with) are not part of traditional ACL systems; I fail to see what part
of David's proposal necessitates their introduction.

- Nikita