To control access to system resources, systems must store information about who is authorized to access what. Basically, there are two ways to store such information efficiently. The system can associate with each authorized user a list of what that person may do. Alternatively, the system can associate with each resource a list of who may have access to it and what they can do with it. Lists of the former type are capability lists and those of the latter type are access control lists. Like Berstis [1] and Karger and Herbert [2], Lopriore has concluded that, even in a machine that provides architectural support for capability lists, each type of list has a role to play in efficient access control.
Lopriore’s paper combines, uncommonly well, scholarly and more pragmatic views of the relevant issues. Its treatment of capabilities’ weaknesses (dangling references, garbage collection, and revocation of privilege) is exemplary; so, too, are its rigor, comprehensibility, and the extent to which it refers to earlier work, [1] and [2] excepted.
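The two storage schemes, and why revocation favors one while "what may this user do?" favors the other, can be seen in a small model. This is an added illustration, not code from Lopriore's paper; the subjects, resources, rights and function names are constructed, and it assumes capabilities live only in per-subject lists.

```python
# Constructed access matrix: (subject, resource) -> set of rights.
MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
    ("bob", "audit.log"): {"read", "append"},
    ("carol", "audit.log"): {"read"},
}

def by_subject(matrix):
    """Capability lists: one list per subject (the matrix stored by rows)."""
    caps = {}
    for (subj, res), rights in matrix.items():
        caps.setdefault(subj, {})[res] = set(rights)
    return caps

def by_resource(matrix):
    """Access control lists: one list per resource (the matrix stored by columns)."""
    acls = {}
    for (subj, res), rights in matrix.items():
        acls.setdefault(res, {})[subj] = set(rights)
    return acls

def revoke_resource_acl(acls, res):
    """Revoke all access to res with ACLs: only that resource's list is touched."""
    acls.pop(res, None)
    return 1  # number of lists examined

def revoke_resource_caps(caps, res):
    """Same revocation with capability lists: every subject's list is searched."""
    examined = 0
    for held in caps.values():
        examined += 1
        held.pop(res, None)
    return examined

def rights_of_subject_caps(caps, subj):
    """What may subj do? A single lookup with capability lists."""
    return caps.get(subj, {})

def rights_of_subject_acl(acls, subj):
    """Same question with ACLs: every resource's list is searched."""
    return {res: entries[subj] for res, entries in acls.items() if subj in entries}
```
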