Korona wrote:
EDIT, @PeterX: in a capability-based system, you can access a resource whenever you have a handle to it. In a ACL-based design, on the other hand, you perform a permission check before accessing the resource.
Ah, ok. Thanks.
So a capability is like a handle or (file) descriptor or maybe like a key.
And ACL is the bigger brother of file permissions, I guess.
And a C-list is simply an number-index referring to capabilities, do I understand that right?
https://en.wikipedia.org/wiki/C-list_(computer_security)
Greetings
Peter