[e-lang] Comments on securing_python.txt (was: Brett proposes object-capabilities for Python)

Brett Cannon brett at python.org
Thu Jul 20 13:47:59 EDT 2006


On 7/19/06, Mark S. Miller <markm at cs.jhu.edu> wrote:
>
> Brett Cannon wrote:
> >     The new doc is named securing_python.txt and can be
> >     found through the svn web interface at
> >     http://svn.python.org/view/python/branches/bcannon-sandboxing/securing_python.txt?rev=50717&view=log
> > If people have questions feel free to ask here or me personally.
>
> A first quick comment on your doc:
>
> > There are essentially two types of security: who-I-am
> > (permissions-based) security and what-I-have (authority-based)
> > security.
>
> I think this mixes up two distinctions.
>
> I like your term "who-I-am security" for identity-based access control
> systems (IBAC), such as the typical use of ACLs. And I like "what-I-have"
> security for authorization-based access control systems (ABAC), such as the
> typical use of object-capabilities.


OK, I see what you mean.  I removed the permission and authority labels for
who-I-am and what-I-have, respectively.

-Brett