@Rob, Agreed, but capability sounds like something of a merger. In auth-based, you separate authentication from authorization, and your credentials only say who you are (authenticate), not what you can do (authorization). Authorization is something that happens internally on the back-end. I could change your rights to do something, but you would still use the same credentials. I do not need to revoke them, nor do you need to worry about changing credentials every time your rights are extended/reduced/changed.
Capability (as described here) sounds like I have a unique credential for doing each action, almost as if the credentials identified who I am and what I can do. Now that I think about it, though, if the credential is meant to be shared, then it does *not* identify who I am, just what I can do. So, if I understood it correctly, it isn't a hybrid, it is a more radical version of traditional authorization.

On Feb 24, 9:45 am, Rob Meijer <[email protected]> wrote:
> There are two philosophies, but not as you identified them. Rather:
>
> 1) Identity based access control: Single (user level) granularity access control. Centralized mostly mandatory style of granting. No delegation other than true central administration or proxies.
> 2) Authorization based access control (capabilities): Multi granularity access control. Decentralized discretionary style of granting and delegating.
>
> The problems I have with scenario 1 are:
>
> a- granularity: User level granularity is simply no longer in sync with the 21st century threat landscape.
> b- scalability: Centralized and mandatory access control simply doesn't scale across modern day multi-domain environments.
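
The two models contrasted in this message, side by side, as an added example that is not part of the original thread or of any project's code. All names (`makeBackend`, `identityCheck`, `mintCapability`, the `cred-alice` credential, the `report` resource) are hypothetical, and the sample data is constructed.

```javascript
const crypto = require('crypto');

function makeBackend() {
  // Identity-based: the credential only authenticates; rights live in a back-end ACL.
  const sessions = new Map([['cred-alice', 'alice']]);         // constructed sample
  const acl = new Map([['alice', new Set(['report:read'])]]);  // constructed sample
  // Capability-based: each unguessable token designates one resource and one action.
  const caps = new Map();

  return {
    grant(user, right) { acl.get(user).add(right); },
    identityCheck(credential, resource, action) {
      const user = sessions.get(credential);              // step 1: who are you?
      if (!user) return false;
      const rights = acl.get(user) ?? new Set();          // step 2: what may you do?
      return rights.has(`${resource}:${action}`);
    },
    mintCapability(resource, action) {
      const token = crypto.randomBytes(32).toString('hex');
      caps.set(token, { resource, action });
      return token;                                       // whoever holds this may act
    },
    capabilityCheck(token, resource, action) {
      const cap = caps.get(token);                        // no identity lookup at all
      return cap !== undefined && cap.resource === resource && cap.action === action;
    },
    revokeCapability(token) { return caps.delete(token); },
  };
}

function demo() {
  const b = makeBackend();
  const result = {};
  result.writeBefore = b.identityCheck('cred-alice', 'report', 'write');
  b.grant('alice', 'report:write');       // rights changed on the back end only
  result.writeAfter = b.identityCheck('cred-alice', 'report', 'write'); // same credential
  const cap = b.mintCapability('report', 'read');
  result.capRead = b.capabilityCheck(cap, 'report', 'read');   // true for any holder
  result.capWrite = b.capabilityCheck(cap, 'report', 'write'); // token covers read only
  b.revokeCapability(cap);                // changing rights means replacing the token
  result.capAfterRevoke = b.capabilityCheck(cap, 'report', 'read');
  return result;
}

console.log(demo());
```
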
