There are two ways of looking at Access Control. One is easy, with a
direct relation to the resources being managed. The other is advanced,
but like putty in the hands of administrators; moreover, it is highly
efficient. Efficiency matters; it allows us to enforce access control
everywhere, with no experienced discomfort. We derive the efficient
model from the one that is easy to use.
Our work on Identity is ultimately for controlling access to
online services. We now introduce our thoughts on Access Control.
The whole story is complex, but an analogy to the phone system can
help to explain it.
The essential game of Realm Crossover is one of juggling
realms as part of identities. This brings us a number
of "support levels" that we could describe. This forms an
interesting perspective on the growing path of the
For client-server networking, NAT traversal is a solved problem.
For peer-to-peer networks it is not possible to do in general,
but the potential of these networks in the liberation of users
from "central" services is quite big. The 6bed4 tunnel allows
applications to be designed as peer-to-peer IPv6 applications
with only a fallback (to your own tunnel server) if necessary.