gargantuan

Reputation: 8944

Is there anything "better" than Access Control Lists (ACLs)?

I've spent some time casually mulling over ACLs in my head. I can see the real benefit of ACLs and their flexibility. But I have some serious concerns when it comes to implementing ACLs for a project that could have hundreds of thousands of users, if not millions, all connected in some way to hundreds of thousands of resources (such as images, messages, BLOBs).

It seems to me that the overhead in processing and managing the rules applied to millions of resources for hundreds of thousands of users would be obscene.

But then I haven't seen any alternatives. Are there any beyond username, password, user-level?

Upvotes: 5

Views: 1845

Answers (4)

Thomas Vincent

Reputation: 333

Most companies end up being crushed under the weight of their RBAC and/or ACL implementation, whether they realize it or not. The future is attribute-based access control. Simplifies things by going from "Johnny can access X because he is in the admin role." to "Johnny can access X because it is between 8-5 and he has clearance X as well as part of business unit Y."

Google XACML and watch this amusing presentation on Roles: http://vimeo.com/2723800. Zed nails it.

Upvotes: 3

Steven Sudit

Reputation: 19620

Managing ACLs (or any equivalent) can be a bear if you don't plan ahead. The one thing that makes the biggest difference is to grant access to groups, not individuals, avoiding redundancy. This is particularly relevant when a group contains other groups.

Upvotes: 0
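
Added example, not part of any answer on this page: a sketch of the group-based approach described in the answer above, where each resource's ACL names groups only and a user's access is resolved through nested group membership. All user, group and resource names are constructed for illustration, and the data would normally live in a database rather than in module-level dictionaries.

```python
from collections import deque

# Constructed sample data (hypothetical names, not from the original page).
# Maps each principal (user or group) to the groups it is a direct member of.
MEMBER_OF = {
    "alice": {"photo-editors"},
    "bob": {"interns"},
    "photo-editors": {"staff"},
    "interns": {"staff"},
    "staff": {"everyone"},
    "everyone": {"staff"},  # deliberate cycle: resolution must still terminate
    "mallory": set(),
}

# One ACL per resource, naming groups only: {resource: {group: permissions}}.
# Adding a user never touches these entries, only MEMBER_OF.
ACL = {
    "img/1001": {"photo-editors": {"read", "write"}, "staff": {"read"}},
    "msg/2002": {"staff": {"read"}},
}


def effective_groups(principal, member_of=MEMBER_OF):
    """Return every group reachable from principal through nested membership."""
    seen = set()
    queue = deque(member_of.get(principal, ()))
    while queue:
        group = queue.popleft()
        if group in seen:  # already expanded; this is what breaks cycles
            continue
        seen.add(group)
        queue.extend(member_of.get(group, ()))
    return seen


def is_allowed(principal, resource, permission, acl=ACL, member_of=MEMBER_OF):
    """Default deny: allow only if some effective group holds the permission."""
    entries = acl.get(resource, {})  # unknown resource -> no entries -> deny
    groups = effective_groups(principal, member_of)
    return any(permission in entries.get(g, ()) for g in groups)
```

The number of ACL entries grows with the number of groups per resource, not with the number of users, and the result of `effective_groups` can be cached per user or session.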

Nat

Reputation: 9951

Have a google for "Role Based Access Control" and "Domain-Based Network Management".

Upvotes: 1

Will

Reputation: 75625

I would not be too scared of any performance impact of ACL.

If it turns out to be slow, profile it and optimise it.

There's nothing in it that is inherently so slow as to make it unsuitable for large projects.

Upvotes: 3
