Question

• What are the differences between capabilities and ACLs?

Answer 1

Capabilities and access control lists(ACls) actually have a fairly symmetric relationship:

• in an access control list model of security, the authorities are bound to the objects being secured;
• in the capabilities model, the authorities are bound to objects seeking access.

So if the objects are laid out in a table, with the access-seeking objects across the top and the security-seeking objects down the side, the columns represent sets of capabilities, and the rows reprexesent individual access control lists.

	Word processor	Uninstaller	Doom game
Operating System	Read Authority	Write Authority	No Authority
Confidential Docs	R/W  Authority	No Authority	No Authority
Saved games	No Authority	No Authority	R/W  Authority

set of capabilities is uninstaller column -blue color

individual access control list is confidential Docs - red colour

some notable difference are:

1. ACL is an acess based object scheme whereas the capability ticket mechanism is basically a ticket based permission system for objects.
2. Despite both the mechanism being part of the matrix. Both of them work on different functionality for the object.
3. ACL sorts the data through object reference and Capability system sorts this through ticket based subject system.
4. ACL based scheme usually has open call where as the capability system does not have the open call in ticket based scheme.
5. ACL makes reference to the object and principal where as the capability system makes no reference to principal.
6. To sum up a capability ticket will allow the user to lend out or give tickets to the other users. But in ACL , the system does not allow any transfer of rights.