[Cap-Talk] Request for comments on Hanson Goo

Johan Hanson misagon@mail.bahnhof.se
Wed, 18 Jul 2001 10:11:20 +0200


"Jonathan S. Shapiro" wrote:
> 
> I haven't had time to review the proposal, but I think it's worth posing the
> obvious question:
> 
> Why is a new capability model either required or appropriate? Why isn't the
> capability subset of SPKI appropriate?

I am more interested in comments on the model of access rights and
implicit restriction in delegation and how the model stands
up from a user's (i.e. API-using programmer's) perspective.

I view SPKI more like an implementation mechanism, and Goo's network
capabilities could probably be implemented in the framework of SPKI.
However, I don't want to. There are several issues with SPKI that I
think make it inappropriate for the applications that I have in mind.
In my opinion, SPKI violates the idea that capabilities should be
lightweight primitives.

What I dislike the most is certificate chains. They introduce much unneeded
complexity. The size of a capability GROWS when access rights are REMOVED
in delegation. You must disclose some of the access rights that delegatees
are in possession of - something that I am fundamentally against.
One could bypass certification chains by issuing shortcuts, but then
these certificates would not be revocable.

Regards
-- 
/ Johan@tiq.com
-------------------------------------------------------------------------
char*s="moc.qit@nahoj                        ",c,a[40],r[40];q(p,a)char*p
;{*p=(*p?*p-1-a:rand())%24+a;}main(){l:for(c=40;--c;){q(r+c,0);q(a+c,13);
printf("\e[%d;%dH%c\n",24-r[c],c*2+1,s[a[c]]);}usleep(1<<12);goto l;}
----------------------------------------------- 218 bytes -- aj där ya --
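Added example, not code from the post or from any Goo or SPKI implementation: a toy SPKI 5-tuple reduction (RFC 2693) run over a three-step attenuating delegation chain, to make the chain-growth, disclosure and shortcut-revocation points above concrete. Assumptions: rights are plain name sets rather than SPKI tag s-expressions, validity is a pair of integer timestamps, and a constructed revoked-cert set stands in for a CRL.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set

# Simplified SPKI authorization certificate (the RFC 2693 "5-tuple").
# Assumption: rights are a frozenset of names, not an SPKI tag s-expression.
@dataclass(frozen=True)
class Cert:
    issuer: str
    subject: str
    delegate: bool            # may the subject delegate further?
    rights: FrozenSet[str]
    not_before: int = 0
    not_after: int = 10**9

def reduce_chain(chain: List[Cert], revoked: Set[Cert] = frozenset()) -> Optional[Cert]:
    """SPKI 5-tuple reduction: (I1,S1,D1,A1,V1)+(I2,S2,D2,A2,V2) ->
    (I1,S2,D2,A1&A2,V1&V2), allowed only if S1 == I2 and D1 is set.
    Returns None if any link is revoked or the chain does not reduce."""
    if any(c in revoked for c in chain):
        return None
    acc = chain[0]
    for nxt in chain[1:]:
        if acc.subject != nxt.issuer or not acc.delegate:
            return None
        acc = Cert(acc.issuer, nxt.subject, nxt.delegate, acc.rights & nxt.rights,
                   max(acc.not_before, nxt.not_before), min(acc.not_after, nxt.not_after))
    return acc if acc.not_before <= acc.not_after else None

def chain_cost(chain: List[Cert]):
    """(number of certs, number of right names) a verifier must process."""
    return len(chain), sum(len(c.rights) for c in chain)

def disclosed(chain: List[Cert]):
    """What the chain reveals about every intermediate holder's rights."""
    return {c.subject: set(c.rights) for c in chain[:-1]}

# Constructed sample: each delegation step removes one right, yet the
# chain a verifier must read grows by one cert per step.
ALICE_BOB = Cert("alice", "bob", True, frozenset({"read", "write", "delete"}))
BOB_CAROL = Cert("bob", "carol", True, frozenset({"read", "write"}))
CAROL_DAVE = Cert("carol", "dave", False, frozenset({"read"}))
CHAIN = [ALICE_BOB, BOB_CAROL, CAROL_DAVE]
# The "shortcut" the post mentions: alice certifies dave directly.
SHORTCUT = [Cert("alice", "dave", False, frozenset({"read"}))]

if __name__ == "__main__":
    print(reduce_chain(CHAIN))                       # alice->dave, {"read"}
    print(chain_cost(CHAIN), chain_cost(SHORTCUT))   # (3, 6) vs (1, 1)
    print(disclosed(CHAIN))                          # bob's and carol's full rights
    # Revoking bob's cert kills the chain but leaves the shortcut valid.
    print(reduce_chain(CHAIN, {BOB_CAROL}), reduce_chain(SHORTCUT, {BOB_CAROL}))
```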