Re: ACL Draft

Paul,

> > As for user perception of the complexity of booleans: we're talking
> > about the PROTOCOL here. Whether you let the user's see the booleans
> > directly or have some kind of check-box interactive display is an
> > interface issue.
> >
> If you can show me at least one UI design that hides this complexity,
> I'll buy it. Until then, it will be true that I've never seen a UI that
> can make anything simpler than the underlying intrinsic complexity --
> it's the law of conservation of complexity.

I'll bet you've already bought it.  Do you use Windows NT?  Have you looked
at its API for access control (or did you design it)?  It seems quite
complex to me, although I believe I understand the need for the complexity.
The UI for setting access control on files seems reasonably intuitive,
however, at least to me.  It appears that your UI designer chose not to
expose all of the underlying functionality, and got a pretty good result.

Another interesting thing about that API is the fact that it exposes
security identifiers (SIDs) for users and groups.  Not entirely, but it
provides quite a few functions for doing useful things with them.  When I
login to NT, I enter my username as "hep".  I do not enter my SID.  Why is
that?  And why don't the ACLs refer to me by my username when I retrieve
them through the API?

What I'm looking for in the access control protocol is something like the
SID as a user id or group id.  It can be opaque, but it needs to have
certain properties (as the SID does), and it would sure be nice if the
protocol supported analogs of a lot of those nice functions that the NT API
provides for SIDs.

I imagine, although I don't know, that NT-to-NT authentication uses SIDs in
the authentication credentials.  If so, that's swell for you and your
proprietary authentication protocol, but those of us who have to support
authentication protocols such as HTTP basic authentication don't always get
to choose what form the authentication credentials take.  That shouldn't
mean that we have to do without something like SIDs in the access control
protocol, since we can map the authentication credentials to whatever we
like.

By the way, where can read more about the "law of conservation of
complexity"?

Howard

Received on Thursday, 23 October 1997 23:20:07 UTC