Insight gained from reading a paper titled "ACLs don't" that is really obvious in retrospect:

the confused deputy problem happens exactly because authority-based systems care about the authority of whoever directly performs an operation, and that intuition/model breaks when there's a *delegation*, i.e. with deputies.

It would be possible to deal with simple delegation, but it won't work when there are multiple levels of it or when there are complex delegation graphs.
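
The failure described in the post above, as an added illustration (not part of the thread or of the paper): a constructed Python model in which a deputy that is handed a file *name* writes under its own identity, next to a variant in which the client passes a handle it opened itself. The store, the principals `deputy` and `client`, and the file names are all hypothetical.

```python
class AclStore:
    """Constructed toy file store with per-file write ACLs."""
    def __init__(self):
        self.files = {"billing.log": "alice owes 10\n", "out.txt": ""}
        self.acl = {"billing.log": {"deputy"}, "out.txt": {"deputy", "client"}}

    def _check(self, principal, path):
        if principal not in self.acl.get(path, set()):
            raise PermissionError(f"{principal} may not write {path}")

    def write(self, principal, path, data):
        # The ACL only sees the principal that directly performs the write.
        self._check(principal, path)
        self.files[path] = data

    def open_for_write(self, principal, path):
        # Capability style: authority is checked for whoever asks, once,
        # and the result is a handle bound to that single file.
        self._check(principal, path)
        return lambda data: self.files.__setitem__(path, data)


def deputy_by_name(store, out_path, source):
    """Deputy gets a name; the write is performed with the deputy's identity."""
    store.write("deputy", "billing.log", store.files["billing.log"] + "job billed\n")
    store.write("deputy", out_path, source.upper())


def deputy_by_handle(store, out_handle, source):
    """Deputy gets a handle; it can only reach what the client could open."""
    store.write("deputy", "billing.log", store.files["billing.log"] + "job billed\n")
    out_handle(source.upper())


def run_demo():
    store = AclStore()
    deputy_by_name(store, "billing.log", "x")   # client names the deputy's own file
    clobbered = store.files["billing.log"] == "X"

    store = AclStore()
    deputy_by_handle(store, store.open_for_write("client", "out.txt"), "x")
    legit_ok = store.files["out.txt"] == "X"
    try:
        store.open_for_write("client", "billing.log")  # client lacks this authority
        blocked = False
    except PermissionError:
        blocked = True
    return {"clobbered": clobbered, "legit_ok": legit_ok, "blocked": blocked,
            "billing": store.files["billing.log"]}
```

In the name-based variant every ACL check passes, because the only principal the store ever sees is the deputy; in the handle-based variant the client's lack of authority surfaces before the deputy is involved at all.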

@bugaevc Do you have a link to this paper? Sounds quite interesting.
