Encryption vs. access control lists (ACLs) draft
Perhaps call this whole section "Access model", show how the access model works (perhaps with a schema), then compare it to ACLs.
Condensation's access model is based on encryption rather than ACLs. Instead of a set of rules deciding who may access a resource, access is restricted by encrypting the data.
This has several advantages:
- With encryption, access rights are applied to the data itself rather than to the resources holding the data (e.g. a file or a folder).
- Documents are shared through message-passing rather than shared resources.
- Derived work (e.g. from a template) is private by default, until explicitly shared.
- Managing ACLs tends to be difficult. Message-passing is easier to use and far less error-prone.
- System administrators do not have access to the data of employees (and managers) unless the data is explicitly shared with them.
- Encryption allows for data sharing and synchronization in a fully distributed setting.