Shared address space and trust and what is a "user" [Re: Our

Chris Hanson chanson@mcs.com
Sat, 10 May 1997 21:11:45 -0500


At 5:49 AM -0500 5/10/97, Alaric B. Williams wrote:
>ACLs are a pain when you have lots of identities.
>Lists of accessible objects for each identity are a pain when you have
>lots of objects.

I tend to think of ACLs as something attached to objects and only
referencing identities, rather than the other way around.  Thus an ACL in
the Andrew File System is attached to a directory and specifies who may
access that directory; it's not something attached to the user and listing
what directories they may access.

Your model -- operations and identities have "privilege lists" and they
must intersect for an operation to be performed by an identity -- would
work too, in certain cases.

I think both are worthwhile in certain contexts:  ACLs are good for
determining what is visible to a given identity, and PLs are good for
determining what that identity can do.
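
An added example, not part of the original message: the two checks discussed above side by side in Python, with the ACL attached to the directory and the privilege-list (PL) test written as a set intersection. All names, the sample data and the combined `authorize` check are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Directory:
    name: str
    acl: set = field(default_factory=set)  # ACL on the object: identities allowed in

@dataclass(frozen=True)
class Identity:
    name: str
    privileges: frozenset = frozenset()    # privilege list (PL) held by the identity

@dataclass(frozen=True)
class Operation:
    name: str
    privileges: frozenset = frozenset()    # PL: any one of these permits the operation

def visible(identity, directories):
    """ACL model: which objects does this identity get to see?"""
    return [d.name for d in directories if identity.name in d.acl]

def may_perform(identity, operation):
    """PL model: allowed only if the two privilege lists intersect.
    An empty list on either side never intersects, so the check fails closed."""
    return bool(identity.privileges & operation.privileges)

def authorize(identity, operation, directory):
    """Assumed combination: the object must be visible AND the PLs must intersect."""
    return identity.name in directory.acl and may_perform(identity, operation)

# Constructed sample data
ALICE = Identity("alice", frozenset({"fs.read", "fs.write"}))
BOB = Identity("bob", frozenset({"fs.read"}))
PROJ = Directory("/proj", {"alice", "bob"})
HOME = Directory("/home/alice", {"alice"})
DIRS = [PROJ, HOME]
READ = Operation("read", frozenset({"fs.read"}))
DELETE = Operation("delete", frozenset({"fs.write", "fs.admin"}))
FORMAT = Operation("format")  # no privileges assigned yet: nobody may run it

if __name__ == "__main__":
    for who in (ALICE, BOB):
        print(who.name, "sees", visible(who, DIRS))
        for op in (READ, DELETE, FORMAT):
            for d in DIRS:
                print(" ", op.name, d.name, authorize(who, op, d))
```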