Access Control Lists (ACL) and Capability Tickets oth are created in matrix. The ACL contains lists of users for a particular object that has certain access rights determining which subjects are given the access to a particular source of content or resource. It provides information on a given resource though this type of data structure might cause some inconvenience while determining the access rights for a specified user. While on the other hand a Capability Ticket will specify all the authorized functions or objects with a system of breaking down the rows further where each user will have a number of tickets which they can authorize to lend to other users.
For further claification ALC is a of access or a table by object while a Capability Ticket is for accessing a table by subject. While with ACL you are capable of deleting a user from the list removing the user to gain access to the resource henceforth, but in the Capability Ticket system this will not happen. In the cases of Capability Tickets each process will have a specific set of access rights. Again this will not happen with the ACL cases where every process will be executed by a user who would be having the same rights.
To sum up a Capability Ticket will allow the users to lend out or give tickets to the other users. But in ACL, the system does not allow any transfer of rights.
•Access Control List and Capability Ticket both are developed in a matrix form.
•An ACL lists users for an object with certain access rights and determines which subjects have path to a precise resource. •It provides information for a given resource regardless of how this data structure is discomforting for determining access rights to a stated user hence in contrast a capability ticket specifies certified operations or objects by further breaking down rows through which each user has a number of tickets which they may be certified to give out to other users or loan them. •Specifically ALC's sort or access a table by object though as a capability ticket sorts or accesses a table by subject. • An ACL allows you to delete a user from the list, and that user can no longer gain path to the object but in a capability system this is not the case. •Also with capability tickets each process has an exactly specified set of path rights which is not the case with an ACL as every process executed by a user has the same license. described above a capability ticket allows users to loan or give tickets to other users but in an ACL it does not allow rights transfer. •Breakdown to the capability ticket is extra security measures need to be taken on the loaning or giving out to other user's tickets.
Access Control Lists can be simply explained as the mechanism that allows the permission on who can access the object. Capability Ticket refers to the process that shows what objects are allowed to access and what operations are allowed on it.
Some of the notable differences are -
1. ACL is an access based object scheme whereas the Capability ticket mechanism is basically a ticket based permission system for objects.
2. Despite both the mechanism being part of the matrix. Both of them work on different functionality for the object.
3. ACL sorts the data through object reference and Capability system sorts this through ticket based subject system.
4. ACL based scheme usually has open call whereas the capability system does not have the open call in ticket based scheme.
5. In ACL there are two global mappings and in Capability systems there is one local mapping for each process. Capability system has - process identity, index. In case of ACL there is principal and FS_lookup.
6. ACL makes reference to the object and principal whereas the capability system makes no reference to principal.
7. Capability system has the parameter "i" in it's reference that solves the confuse deputy problem. In ACL there is no such mechanism to solve.
8. In ACL, the user identity process is started by the process who starts it and in Capability system solutions for the same problem varies.
These are some of the differences for the Access control List and the Capability ticket.