What is the difference between Access Control Lists (ACLs) and Capability Tables?

What is the difference between Access Control Lists (ACLs) and Capability Tables?
A .  Access control lists are related/attached to a subject whereas capability tables are related/attached to an object.
B .  Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.
C .  Capability tables are used for objects whereas access control lists are used for users.
D .  They are basically the same.

View Answer

Answer: B

Explanation: Capability tables are used to track, manage and apply controls based on the object and rights, or capabilities of a subject. For example, a table identifies the object, specifies access rights allowed for a subject, and permits access based on the user’s posession of a capability (or ticket) for the object. It is a row within the matrix.

To put it another way, A capabiltiy table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.

CLEMENT NOTE:

If we wish to express this very simply:

Capabilities are attached to a subject and it describe what access the subject has to each of the objects on the row that matches with the subject within the matrix. It is a row within the matrix. ACL’s are attached to objects, it describe who has access to the object and what type of access they have. It is a column within the matrix.

The following are incorrect answers:

"Access control lists are subject-based whereas capability tables are object-based" is incorrect. "Capability tables are used for objects whereas access control lists are used for users" is incorrect.

"They are basically the same" is incorrect. References used for this question:

CBK, pp. 191 – 192 AIO3 p. 169