Secure Coding mailing list archives

Re: SC-L-DIGEST V1 #37


From: Ken Goldman <kgold () watson ibm com>
Date: Fri, 27 Feb 2004 19:57:38 +0000

Back in the late 1980s, Apollo Computer (later bought by HP) had an
OS called Aegis.  It had, as I recall, 21 different specifiers, plus
inheritance, and they changed meaning for files and directories.  It
was everything you could think of.

OTOH, the resulting security was awful.  We had their systems in our
CAD department, and no one could spend months figuring out what the
ACLs should be.  The obvious solution was to set "everybody,
everything" so we could get our work done.

Perhaps for a huge system with a big, trained support staff, good
auditing tools, etc., this made sense.  But I think adding the
flexibility without extensive tools is doomed.  To me Unix does a
pretty good job of trading off features vs. usability for the average
user.

I'm working on an extensible access-control-list style authorization 
system, beyond the usual read/write authorization schemes, probably to be 
written as a Perl module for CGI use and using a database on the back end. 

-- 
Ken Goldman   [EMAIL PROTECTED]   914-784-7646








