[
Lists Home |
Date Index |
Thread Index
]
On Wednesday 20 February 2002 04:33 pm, Michael Brennan wrote:
> > I talked to an EJB expert about REST. We were talking about
> > security models. I described how REST has a natural ACL or
> > capabilities model. What's the natural model of RMI (which is
> > basically OO RPC with class distribution)?
An RPC {host,method) pair is roughly akin to a capability... in fact
in one of our products we use this id to protect method calls over RMI.
That said, both the above and REST are flawed as a capability-based
system because of the arbitrary discoverability holes.
|