The document summarizes Talal A. Alsubaie's 2001 paper on bracket capabilities for distributed systems security. It discusses access control methods like access control lists and capabilities. It then presents a case study of an e-banking system implemented in Java that uses bracket capabilities and role-based access control to restrict access to bank account objects and views based on a user's role (e.g. teller, manager, account owner). Bracket capabilities allow refining the interface exposed to restrict a user's access to only required methods.
12. How does ACL Works? Talal A. Alsubaie Create Request ( r ) as Subject ( s ) ( r , s ) Object ACL If ( s appears in ACL) if( r appears in ACL[ s ] ) grant access;
15. How does Capabilities Works? Talal A. Alsubaie ( r , o ) Object if( r appears in C ) grant access; ( C ) Create Request ( r ) for object ( o ) Pass capability ( C )
32. Bracket Capabilities Implementation Talal A. Alsubaie Capability objc Capability AtmCap ATMAccount The result of a further 'refine' operation Capability cerf2 Interface2