[Cap-Talk] Re: Is there a capability RFC?

David L. Nicol david@kasey.umkc.edu
Wed, 11 Jul 2001 11:23:40 -0500


John Stracke wrote:

> Could you expand on how capabilities would let us do away with mutual trust
> relationships? It seems to me that a capability actually encodes a mutual
> trust relationship.

The overview draft defers encoding of trust relationships to the
implementations.  Providing a standard encoding method for them would 
increase interoperability.  "To post to the calendar, use the attached
key" could be given, without verifying that the CUA that will be used
uses the same vendor-extended key protocol.

 
> > For instance, the "ability to flood a calendar system with bogus
> > requests" could be greatly mitigated by use of capabilities in the
> > basic architecture.
> 
> How? You still need to examine each request to determine whether it's
> authenticated.

A capability could, for instance, be associated with an upper limit
on the number of posts that can be made with it.  This can be done with user
accounts as well, certainly, and the complexity is about equal, and
associating a capability with a user account would be a reasonable way
to implement the limit.

 
> > If every event is persistently tagged with the
> > capability under which it was posted, removing (and submitting for
> > re-moderation) all events posted under a compromised capability becomes
> > trivial.
> 
> (a) How is this different from removing events posted by a particular user
> during a particular time range?

"By a particular user" is more vague, as it doesn't address how we know it
was them.

> (b) What about events posted by the legitimate user of the capability?

"... and submitting for re-moderation"

Anyway, what about entities that are not individual people?  Wedging
them into "user accounts" is standard practice, yes, but that doesn't
make it elegant.
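
The two mechanisms discussed in this message, a per-capability upper limit on posts and tagging every event with the capability it was posted under so that a compromised capability's events can be pulled for re-moderation, as an added Python example that is not part of the original post or of any calendar draft. The class, its method names, the token format and the in-memory storage are all assumptions made for illustration.

```python
import hashlib
import secrets


class CalendarStore:
    """Hypothetical calendar that accepts posts only via capability tokens."""

    def __init__(self):
        self._caps = {}       # cap_id -> {"remaining": int, "revoked": bool}
        self.events = []      # published events as (cap_id, text)
        self.moderation = []  # events pulled back for re-moderation

    @staticmethod
    def cap_id(token):
        # Events are tagged with a digest, so the event log never holds the secret.
        return hashlib.sha256(token.encode()).hexdigest()[:16]

    def issue(self, max_posts):
        """Mint an unguessable token good for at most max_posts posts."""
        token = secrets.token_urlsafe(32)
        self._caps[self.cap_id(token)] = {"remaining": max_posts, "revoked": False}
        return token

    def post(self, token, text):
        """Accept the event only if the token is known, live and under its limit."""
        cid = self.cap_id(token)
        cap = self._caps.get(cid)
        if cap is None or cap["revoked"] or cap["remaining"] <= 0:
            return False
        cap["remaining"] -= 1
        self.events.append((cid, text))  # persistent tag: which capability posted it
        return True

    def revoke(self, cid):
        """Kill a compromised capability and pull everything posted under it."""
        self._caps[cid]["revoked"] = True
        pulled = [e for e in self.events if e[0] == cid]
        self.events = [e for e in self.events if e[0] != cid]
        self.moderation.extend(pulled)  # the legitimate holder's posts get re-approved here
        return len(pulled)


def demo():
    store = CalendarStore()
    club, other = store.issue(max_posts=3), store.issue(max_posts=10)
    accepted = [store.post(club, f"meeting {i}") for i in range(5)]  # limit caps the flood
    store.post(other, "picnic")
    pulled = store.revoke(CalendarStore.cap_id(club))
    return accepted, pulled, [t for _, t in store.events]
```
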