[cap-talk] distributed capabilities for models?
alan.karp at hp.com
Mon May 3 16:59:39 EDT 2004
Liang Fang wrote:
> Considering what I have done, I would wrap up the model resource access
> as a Web service. The web service is run by the resource owner. The
> resource owner issues capabilities which contain different detailed
> accessing policies, signed with the credential of the resource owner.
> The capabilities can be distributed in any way -- copy and paste, email,
> even fax and scan :), though a separate manager is preferred. Upon
> invoking the web service, the capability token is inserted in the SOAP
> message which is signed again with the user's credential. At the service
> side, the policy is extracted and checked for the final accessing
> decision. The capability injection and verification work is done by the
> underlying SOAP engine and thus mostly transparent to the service
> itself. As the resource owner, you can have your own groups or roles for
> the administrative convenience.
A nice description of what e-speak did :) One thing you have to be careful of is how you name the things in the certificates. Consider the case where you issue a certificate for some resource today, tomorrow you delete the resource, and next week you accidentally reuse the name for something entirely different. Unless you revoked all relevant certificates before you reused the name, you've given someone a permission you didn't intend to give. E-speak avoided this problem by adding a level of indirection, but other solutions are possible.
Technical Computing Research Group
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
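
The name-reuse hazard described in the reply above, as an added example that is not part of the original message and not e-speak's code. It assumes a hypothetical `ResourceOwner` service, an HMAC standing in for the owner's signature, and a random per-resource id as one possible form of the indirection; all names and sample data are constructed.

```python
import hashlib
import hmac
import json
import uuid

OWNER_KEY = b"constructed-demo-key"  # stand-in for the owner's signing credential


class ResourceOwner:
    """Hypothetical service that issues and checks signed capabilities."""

    def __init__(self):
        self.by_name = {}  # current name -> (resource id, content)

    def create(self, name, content):
        self.by_name[name] = (uuid.uuid4().hex, content)  # fresh id, never reused

    def _sign(self, claims):
        body = json.dumps(claims, sort_keys=True).encode()
        return hmac.new(OWNER_KEY, body, hashlib.sha256).hexdigest()

    def issue(self, name, policy, bind_id):
        claims = {"name": name, "policy": policy}
        if bind_id:  # the indirection: also name the resource by its unique id
            claims["rid"] = self.by_name[name][0]
        return {"claims": claims, "sig": self._sign(claims)}

    def access(self, cap):
        claims = cap["claims"]
        if not hmac.compare_digest(cap["sig"], self._sign(claims)):
            return None  # forged or altered capability
        entry = self.by_name.get(claims["name"])
        if entry is None:
            return None  # resource no longer exists
        rid, content = entry
        if "rid" in claims and claims["rid"] != rid:
            return None  # the name now denotes a different resource
        return content


def demo():
    owner = ResourceOwner()
    owner.create("model-a", "old weather model")
    by_name = owner.issue("model-a", "read", bind_id=False)
    by_id = owner.issue("model-a", "read", bind_id=True)
    del owner.by_name["model-a"]             # tomorrow: resource deleted
    owner.create("model-a", "payroll data")  # next week: name reused by accident
    return owner.access(by_name), owner.access(by_id)
```

The capability bound only to the name still verifies and opens the new resource, while the one that also carries the resource id is refused without any revocation step.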