l4-hurd


Re: the deadly hypercube of death, or: handling permissions


From: Ludovic Courtès
Subject: Re: the deadly hypercube of death, or: handling permissions
Date: Thu, 27 Apr 2006 14:59:26 +0200
User-agent: Mutt/1.4i

Hi,

On Thu, Apr 27, 2006 at 02:24:49PM +0200, Marcus Brinkmann wrote:
> At Thu, 27 Apr 2006 13:58:30 +0200,
> Pierre THIERRY <address@hidden> wrote:
> > Something should also be considered: is it always needed or desirable to
> > have many independent permissions associated with one capability? I
> > mean, if execution permission has no relation with read/write
> > permission, there is no need for a capacity that could designate both.
> > If I want to execute a file, I invoke the execution cap. If I want to
> > read it, I invoke the read cap.
> 
> This works, but could easily result in a management nightmare.  You
> would have to keep track of up to N capabilities for each "actual"
> capability you are interested in.  Delegation would then be simple of
> course: You just select the desired capabilities from the set.

In practice, there should not exist a zillion permission types for a given
interface.  Otherwise, that might mean that the interface is just too
large.

For small, specific interfaces, permission bits may not even be
needed at all most of the time: a capability to an object implementing a
small interface is already a very small, potentially "atomic" (i.e., not
further divisible) piece of authority.

Thanks,
Ludovic.
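
The two designs discussed in this thread, side by side, as an added example that is not part of the original messages: a single capability carrying a rights mask that is diminished on delegation, and one capability per small interface with no permission bits at all. All type and function names are hypothetical and are not Hurd or L4 APIs.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration; none of these names are Hurd or L4 APIs. */
enum { R_READ = 1, R_WRITE = 2 };
struct file { char data[32]; };

/* Style A: one capability with a rights mask, checked on every call. */
struct cap { struct file *obj; unsigned rights; };

/* Delegation may only clear bits, never set them. */
static struct cap cap_diminish(struct cap c, unsigned keep) {
    c.rights &= keep;
    return c;
}
static int cap_write(struct cap c, const char *s) {
    if (!(c.rights & R_WRITE)) return -1;
    snprintf(c.obj->data, sizeof c.obj->data, "%s", s);
    return 0;
}
static int cap_read(struct cap c, char *out, size_t n) {
    if (!(c.rights & R_READ)) return -1;
    snprintf(out, n, "%s", c.obj->data);
    return 0;
}

/* Style B: one capability per small interface. There is no rights field:
   a reader offers no write operation, so there is nothing to check. */
struct reader { const struct file *obj; };
struct writer { struct file *obj; };
static int reader_read(struct reader r, char *out, size_t n) {
    snprintf(out, n, "%s", r.obj->data);
    return 0;
}
static int writer_write(struct writer w, const char *s) {
    snprintf(w.obj->data, sizeof w.obj->data, "%s", s);
    return 0;
}

/* Returns 1 when a read-only delegate can read but not write, in both styles. */
int delegate_is_read_only(void) {
    struct file f = { "" };
    char buf[32];
    writer_write((struct writer){ &f }, "hello");  /* owner keeps the writer */
    struct cap ro = cap_diminish((struct cap){ &f, R_READ | R_WRITE }, R_READ);
    struct reader rd = { &f };  /* style B: hand over just this facet */
    int a = cap_read(ro, buf, sizeof buf) == 0 && cap_write(ro, "x") == -1;
    int b = reader_read(rd, buf, sizeof buf) == 0 && strcmp(buf, "hello") == 0;
    return a && b && strcmp(f.data, "hello") == 0;
}
```

In style A the holder tracks one capability and the server checks bits; in style B the holder tracks one capability per facet and the server checks nothing.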




