Re: Capability vs ACL models of security

Li Gong (gong@games.eng.sun.com)
Mon, 13 Jul 1998 18:23:10 -0700

Date: Mon, 13 Jul 1998 18:23:10 -0700
Message-Id: <199807140123.SAA29160@games.eng.sun.com>
From: Li Gong <gong@games.eng.sun.com>
To: "J.D. Fagan" <jfagan@2bridge.com>
Subject: Re: Capability vs ACL models of security
In-Reply-To: J. D. Fagan's mail of Mon, 13 July, 1998

There are often claims that "Java is not secure enough" or a
particular approach is better than the one used by JavaSoft/Sun. As
technical people, we evaluate such claims seriously and generally
improve our products when we see valid arguments. On the other hand,
many of those claims are biased and without many other considerations
that make a product work in real-world situations. However, we do not
normally use this forum (mailing alias) to do comparative analysis,
for various reasons.

By the way, it is generally accurate to say that "the ACL model is
used in JDK 1.2", because of the way access control policy is specified,
but given the OO nature of things, lots of details are dependent on
object references being kept safe.

Li Gong, PhD
Java Security Architect and Distinguished Engineer
Java Software Division, Sun Microsystems, Cupertino, California, USA
Email: li.gong@sun.com and Web: http://java.sun.com/people/gong
Tel: 408-343-1825 and Fax: 408-343-1993

J. D. Fagan writes:
> http://www.communities.com/company/papers/security/index.html
>
> What are your thoughts about this URL's claim that Java is not secure
> enough? Is this based on JDK 1.1 or 1.2 in your opinion? And do you think
> that Capability based security is a better approach than ACL security? Am I
> correct in assuming that the ACL model is used in JDK 1.2, correct?
>
> Thanks for any feedback,
>
> J.D. Fagan
> 2Bridge Software