
First off, REST and capability based security are separate issues. You can have either one without the other. I like REST, but I'll ignore it from now on and just talk about capabilities.

Let's use a hypothetical message board system to illustrate the differences in style between an access control list model and a capability based model. People can read messages, add new posts, administrators can edit them, etc.

In a traditional Access Control List security model you would have different users, each of which has different permissions, so you'll do things like this:

    my $b = Board->fetch(board => "perl-examples");

    # Each operation is passed the user and fails if that user lacks permission.
    my ($subject, $message) = $b->get_post( user => $u, post_id => 42 )
        or die "$u cannot get";
    $b->new_post( user => $u, subject => "hi", message => "print 'hello world'" )
        or die "$u cannot new";
    $b->set_post( user => $u, post_id => 42, subject => "42", message => "is the answer" )
        or die "$u cannot set";

You have a single user that has permission to do one or more operations.

With a capability model you ask for the capability to do something - and get given an object that will let you do the operation.

    my $b = Board->fetch(board => "perl-examples");

    # Ask the board for one capability object per operation.
    my $get = $b->can_get or die "cannot get";
    my $new = $b->can_new or die "cannot new";
    my $set = $b->can_set or die "cannot set";

    # Use each capability; no user is passed to the call.
    $get->(post_id => 42);
    $new->(subject => 'hi', message => "print 'hello world'");
    $set->(post_id => 42, subject => "42", message => "is the answer");

You have multiple capabilities, each of which allows you to perform individual operations.

Why do it like this? Because it gives you great advantages in the granularity and scope of your security model.

Let's do a hypothetical task with our board system - create-table-of-contents.

We want to have a message on the board that contains a list of all the subject lines of the posts on that board. To do this we need to:

  • find-subjects (scan the posts for the subject lines)
  • update-toc (update table of contents message)

With an ACL model you would have run our create-table-of-contents routine with a user who can both get and set messages.

The disadvantage of this model is that the bit of code that reads the subjects doesn't need the ability to write posts. Equally, the bit of code that needs to update the table-of-contents message does not need the ability to read posts.

If you make a mistake in your reading code (or a malicious user subverts it somehow) then you can make unwanted changes to the contents of your board.

With a capability based model you would only give find-subjects the "get" capability object. You would only give update-toc the "set" capability object. Even if an evil user subverted find-subjects they wouldn't be able to make changes to the board since it lacks the appropriate capability object.

Having this fine level of granularity makes tweaking your security model so much easier. For example, we might discover that our admin users wander off leaving themselves logged in - allowing nasty people to come use their account to change posts.

With our ACL model one option is to expire the user if there has been no activity in 10 minutes. Unfortunately, this annoys our admin users since they spend most of the time doing "normal user" things and don't like to find themselves logged out all of the time.

With our capability model we have finer control and we can expire the "set" capability object after ten minutes' inactivity - leaving the user's "normal" capabilities still in full effect.

There are lots of variations on this sort of thing. Without knowing more about the particular problem you are trying to address it's hard to say whether ACLs or a Capability model would be better for you - but hopefully this makes the concept easier to get a handle on ;-)

In reply to Re: Using Capabilities? by adrianh
in thread Using Capabilities? by diotalevi
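
The two ideas in the post above, least-privilege hand-out of capabilities to find-subjects and update-toc and a "set" capability that expires after ten idle minutes, as an added example that is not part of adrianh's post. The in-memory `%posts` hash, the `make_list`/`make_get`/`make_set` factories and the injected clock are assumptions standing in for the post's hypothetical `Board` class.

```perl
use strict;
use warnings;
# Constructed sample data; post 1 holds the table of contents.
my %posts = (
    1  => { subject => 'Table of contents', message => '' },
    42 => { subject => 'hi',       message => "print 'hello world'" },
    43 => { subject => 'closures', message => 'sub { ... }' },
);
# Hypothetical capability factories. Each returns a closure that can do
# one kind of operation; holders never get a reference to %posts itself.
sub make_list { return sub { return sort { $a <=> $b } keys %posts } }
sub make_get {
    return sub {
        my %arg = @_;
        my $p = $posts{ $arg{post_id} } or return;
        return @$p{qw(subject message)};
    };
}
# "set" capability that dies after $ttl idle seconds; $clock is injected.
sub make_set {
    my ($ttl, $clock) = @_;
    my $last_used = $clock->();
    return sub {
        my %arg = @_;
        my $now = $clock->();
        die "set capability expired\n" if $now - $last_used > $ttl;
        $last_used = $now;    # any successful use resets the idle timer
        @{ $posts{ $arg{post_id} } }{qw(subject message)} = @arg{qw(subject message)};
        return 1;
    };
}
# find-subjects holds only read capabilities; update-toc holds only "set".
sub find_subjects {
    my ($list, $get) = @_;
    return map { my ($s) = $get->(post_id => $_); $s } grep { $_ != 1 } $list->();
}
sub update_toc {
    my ($set, @subjects) = @_;
    return $set->(post_id => 1, subject => 'Table of contents', message => join("\n", @subjects));
}

my $now = 0;                                  # fake clock, in seconds
my $set = make_set(600, sub { $now });        # ten-minute idle limit
update_toc($set, find_subjects(make_list(), make_get()));
print "TOC:\n$posts{1}{message}\n";
$now += 601;                                  # admin idle for over ten minutes
my $ok = eval { $set->(post_id => 42, subject => 'defaced', message => '') };
print "set after idle: ", ($ok ? "changed\n" : "refused: $@");
print "get still works: ", (make_get()->(post_id => 42))[0], "\n";
```

Because `find_subjects` is only ever handed the list and get closures, a bug in it has no code path that reaches the write in `make_set`.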
