[Squeak-e] capabilities question...
Michael van der Gulik
mikevdg at hetnet.nl
Fri May 9 16:16:12 CEST 2003
Hi all.
I'm reading that rather interesting paper about capabilities (and the
myths thereof) on erights.org. I'm playing around with Squeak and
researching how it could be distributed using replication etc. See
dpon.sourceforge.net if you're interested. I may switch to E, but I'm
just nosing around at the moment, and reading a lot.
Question: it seems quite possible to implement ACL's using capabilities.
Would this be true?
Say for example that you have a secure object called 'Secret'. Other
objects access 'Secret' through proxy objects. These proxy objects
simply pass all messages through to Secret, and can be turned on and
off, to allow and disallow (revoke) access to Secret.
Now, assuming that some management system was built around this schema,
each proxy object is quite like an item in an Access Control List.
If an authentication mechanism was also provided for subjects, which was
enforced by the proxies, then would there be any difference between this
and another implementation of an ACL system?
Michael.
More information about the Squeak-e
mailing list