[Cryptography] Do capabilities work? Do ACLs work?
Tony Arcieri
bascule at gmail.com
Wed Feb 11 14:31:12 EST 2015
On Tue, Feb 10, 2015 at 4:52 AM, ianG <iang at iang.org> wrote:
> On 10/02/2015 04:59 am, Ben Laurie wrote:
>
> As Bill points out, this is exactly the point of capability systems (he
>> didn't say it, but it is what he meant). A long time ago we had a choice
>> between ACLs and capabilities, and we chose the wrong thing.
>>
>> Capability systems do exist, but we also have a lot of ACL-based
>> engineering to fix in order to properly use them.
>>
>
>
> Having watched/worked with capability ideas for a while, I'm of the
> opinion they don't work as well in practice as the theoretical pundits
> would have it.
>
> Also, the users continue to demand ACLs.
One other important thing to note: capabilities and ACLs aren't a
dichotomy. You can use capabilities to implement ACLs.
As to why capabilities aren't more widely adopted, I think the most
important thing is they're incredibly hard to retrofit. Once you go down
the ambient authority road, turning back is very hard, because adding
capabilities to a system that already implements ambient authority leaves
you in the worst of both worlds.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150211/44477fe2/attachment.html>
More information about the cryptography
mailing list