« Chuck E. Cheese's Authorization Protocol | Main | OWASP Podcast Interview »



The only model I've ever really seen work in any open/free/evolved setting is capabilities. This mostly shows in the sense that access control models don't work, and shine by their ability to stop work not enable it ... and simpler models (like password logins) evolve until they are like capabilities.

But of course it is highly immoral to say things like that because the compliancepolizei go loopy about the apparent lack of control.


Agree. I think capabilities is either Attribute based access control or Policy Based access control, depending on how policy is deployed.

the overall trend line shows more granularity in access control, which potentially yields better policy expressibility & more flexibility.

So while terminology is different I think the NIST/NSA work comes to the same conclusion, after all capabilities are expressed as attributes which are either asserted in a vanilla fashion or in the context of a policy

The comments to this entry are closed.