- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Thu, 27 Sep 2012 09:53:21 -0400
- To: Ben Laurie <benl@google.com>
- CC: public-webid@w3.org
- Message-ID: <50645A51.1020100@openlinksw.com>
On 9/27/12 9:39 AM, Ben Laurie wrote: > On 27 September 2012 14:36, Kingsley Idehen <kidehen@openlinksw.com> wrote: >> On 9/27/12 7:26 AM, Ben Laurie wrote: >>>>> So, the point is this: object capabilities are a security mechanism, >>>>>>> like ACLs. Their purpose is to restrict access to resources to only >>>>>>> the intended accessors. >>>>> >>>>> A security mechanism can be an object capability. >>> What do you mean by this? >> >> There is a relationship between an resource owner entity, a document entity, >> and an acl rule (another entity) that enables resource access control, which >> in my world view is a capability. > This is pointless. Capabilities have an accepted definition and they > are provably not equivalent to ACLs. > > If this helps you, as per my comment in an earlier post, I am not using ACLs. For instance, if I constrain access to a resource using a policy that only permits access to identities in a specific relationship with Henry Story (denoted by his WebID), how would that be construed as an simply being an ACL? That's logic in action. Instead of us arguing about labels, lets talk about entity relationship semantics and their implications when combined linked data graphs etc.. Ultimately, that's what this is all about. -- Regards, Kingsley Idehen Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca handle: @kidehen Google+ Profile: https://plus.google.com/112399767740508618350/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Thursday, 27 September 2012 13:53:48 UTC