Security '01 Abstract
Capability File Names: Separating Authorisation
from User Management in an Internet File System
Jude T. Regan and Christian D. Jensen, Department of Computer Science, Trinity College, Dublin
The ability to access and share information over the Internet has
introduced the need for new flexible, dynamic and fine-grained
access control mechanisms. None of the current mechanisms for
sharing information (distributed file systems and the web)
offers adequate support for sharing in a large and highly dynamic
group of users. Distributed file systems lack the ability to share
information with unauthenticated users, and the web lacks
fine-grained access controls, i.e. the ability to grant individual
users access to selected files.
In this paper we present Capability File Names, a new access
control mechanism, in which self-certifying file names are used as
sparse capabilities that allow a user ubiquitous access to his
files and enable him to delegate this right to a dynamic group of
remote users. Encoding the capability in the file name has two
major advantages: it is self-supporting and it ensures full
compatibility with existing programs.
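
The idea of a file name that is itself a sparse capability can be sketched as follows. This is an added example, not code from the paper or from CapaFS: the abstract does not give the CapaFS name encoding, so the layout (rights and path plus an HMAC-SHA256 tag under a hypothetical per-server key) and the names mint and check are assumptions made for illustration.

```python
import base64, hashlib, hmac, os

SERVER_KEY = os.urandom(32)   # hypothetical per-server secret (assumption)
RIGHTS = {"r", "w"}           # constructed rights alphabet (assumption)

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(path, rights, key=SERVER_KEY):
    """Return a single file-name component that is the capability for path."""
    if not rights or not set(rights) <= RIGHTS:
        raise ValueError("unknown rights")
    body = ("".join(sorted(set(rights))) + ":" + path).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    # URL-safe base64 contains no '/' or '.', so the result is an ordinary
    # name that existing programs can pass to open() unchanged.
    return _b64(body) + "." + _b64(tag)

def check(name, want, key=SERVER_KEY):
    """Return the real path if name is a valid capability granting want."""
    try:
        body_s, tag_s = name.split(".")
        body, tag = _unb64(body_s), _unb64(tag_s)
        rights, path = body.decode().split(":", 1)
    except (ValueError, UnicodeDecodeError):
        return None               # malformed name: not a capability
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None               # forged or altered name
    return path if want in set(rights) else None

if __name__ == "__main__":
    # Constructed sample: the owner mints a read-only name and hands the
    # string to a remote user; no account is created for that user.
    shared = mint("/export/alice/report.txt", "r")
    print(shared)
    print(check(shared, "r"), check(shared, "w"))
```

Holding the name is the authorisation: the server checks only the tag, never who presents it, which is the separation of authorisation from user identification described above.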
Capability file names have been implemented in a new file system
called CapaFS. CapaFS separates user identification from
authorisation, thus allowing users to share selected files with
remote users without the intervention of a system administrator.
The implementation of CapaFS is described and evaluated in this
The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights
to individual papers remain with the author or the author's employer.
Permission is granted for the noncommercial reproduction of the complete
work for educational or research purposes. USENIX acknowledges all
trademarks within this paper.