Re: ACL (access control lists) generic design questions

["Peter G. Neumann" <neumann () csl sri com>]

William, I'll be very interested in your extensible ACL-style authorization.
If you are serious about generalizing the ACL interpretations, you might
think back not just to Multics (with directories and files having different
interpretations of the ACL protection bits), but also to our Provably Secure
Operating System (PSOS), in which each capability had an associated type and
where the capabilities for each type had their own type-specific
interpretation of the protection bits.  PGN

@inProceedings{DaleyNeumann, 
Author="R.C. Daley and P.G. Neumann", 
Title="A General-Purpose File System for Secondary Storage",
Booktitle="{AFIPS} Conference Proceedings, Fall Joint Computer Conference",
Publisher="Spartan Books", Year="1965", Month="November", Pages="213--229"}

The 1973-1980 work on PSOS is summarized more recently in "PSOS Revisited":

@InProceedings{NeumannFeiertag03, 
Author="P.G. Neumann and R.J. Feiertag", 
Title="{PSOS} Revisited",
BookTitle="Proceedings of the 19th Annual Computer Security Applications
Conference (ACSAC 2003), Classic Papers section", 
Organization="IEEE Computer Society",
Address="Las Vegas, Nevada", Year="2003", Month="December", pages="208--216",
NOTE="http://www.csl.sri.com/neumann/psos03.pdf.";;
}