Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!philabs!cmcl2!seismo!mcvax!boring!jack
From: jack@boring.uucp (Jack Jansen)
Newsgroups: net.unix-wizards
Subject: Re: Symbolic user names and RFS
Message-ID: <6805@boring.UUCP>
Date: Sun, 2-Mar-86 13:54:24 EST
Article-I.D.: boring.6805
Posted: Sun Mar  2 13:54:24 1986
Date-Received: Tue, 4-Mar-86 03:17:41 EST
References: <674@oliveb.UUCP> <1246@ubc-ean.UUCP> <759@im4u.UUCP> <591@cheviot.uucp> <781@im4u.UUCP> <606@cheviot.uucp>
Reply-To: jack@mcvax.UUCP (Jack Jansen)
Organization: AMOEBA project, CWI, Amsterdam
Lines: 20
Apparently-To: rnews@mcvax

The whole problem is the capability vs. access control list
question.

While access control lists are usually much easier in use (you
never have to specify passwords, etc, except when you
log in), there has to be a central authority handing out
user names.

Capabilities (e.i. passwords) don't need centralized administration,
but you have to specify a password on every access.

So, in a distributed network, especially one spanning multiple
organizations, it is probably better to use capabilities in stead
of ACL's.
Now, the only problem is to integrate capability-based
security mechanisms in unix......

-- 
	Jack Jansen, jack@mcvax.UUCP
	The shell is my oyster.