[cap-talk] What are caps good for? "Encapsulation"? POLA vs. confinement - long, but with some meat
Jed Donnelley
jed at nersc.gov
Fri May 14 13:13:14 EDT 2004
At 10:04 AM 5/12/2004, Karp, Alan wrote:
> > -----Original Message-----
> > From: cap-talk-bounces at mail.eros-os.org
> > [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of
> > Jonathan S. Shapiro
> > Sent: Wednesday, May 12, 2004 4:08 AM
> > To: General discussions concerning capability systems.
> > Subject: RE: [cap-talk] What are caps good for?
> > "Encapsulation"? POLA vs. confinement - long, but with some meat
> >
> (snip)
> > >
> > > What about rights amplification?
> >
> > I'm confused. What does this have to do with a "do not share"
> > or "do not copy" bit?
>
>I was trying to find an example where preventing delegation is useful even
>when you can't prevent proxying. If some operation succeeds only when two
>capabilities are presented, then giving one capability to Alice and the
>other to Bob doesn't give Carol the authority even if both Alice and Bob
>are willing to proxy for Carol. Carol only gets the permission if both
>Alice and Bob transfer their capabilities to her. Enforcing the "do not
>delegate" bit prevents this transfer.
> (snip)
> >
> > shap
>________________________
>Alan Karp
Just to try to further clarify this example (whose relevance seems a bit
limited to me), will this rights amplification succeed or fail if Alice
and Bob both proxy their capabilities to Carol (rather than transfer them
directly in apparent violation of the delegation restriction)?
--Jed http://www.nersc.gov/~jed/
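
Added example, not part of the original thread or any participant's code: a toy Python model of the two-capability scenario quoted above. It assumes the amplifying operation checks the identity of the capabilities presented (so a proxy object does not satisfy it) and that transfers pass through a monitor enforcing the "do not delegate" bit; `Kernel`, `Proxy` and `scenario` are hypothetical names.

```python
class Capability:
    """Unforgeable reference; its identity is the Python object itself."""
    def __init__(self, name, no_delegate=False):
        self.name = name
        self.no_delegate = no_delegate

class Proxy:
    """Forwarder a holder hands out instead of the capability it wraps."""
    def __init__(self, target):
        self._target = target

class Kernel:
    """Assumed reference monitor: tracks holdings and mediates transfers."""
    def __init__(self, pair):
        self.pair = set(pair)   # the two capabilities the operation requires
        self.clists = {}        # holder name -> set of objects held

    def grant(self, holder, cap):
        self.clists.setdefault(holder, set()).add(cap)

    def transfer(self, src, dst, cap):
        if cap not in self.clists.get(src, set()):
            raise PermissionError(f"{src} does not hold {cap.name}")
        if cap.no_delegate:
            raise PermissionError(f"{cap.name} is marked do-not-delegate")
        self.grant(dst, cap)

    def amplify(self, holder, x, y):
        """True only if the holder presents both genuine capabilities."""
        held = self.clists.get(holder, set())
        return x in held and y in held and {x, y} == self.pair

def scenario(no_delegate):
    a = Capability("A", no_delegate)
    b = Capability("B", no_delegate)
    k = Kernel((a, b))
    k.grant("alice", a)
    k.grant("bob", b)
    # Alice and Bob each proxy for Carol: she holds forwarders, not A and B.
    pa, pb = Proxy(a), Proxy(b)
    k.grant("carol", pa)
    k.grant("carol", pb)
    via_proxies = k.amplify("carol", pa, pb)
    try:
        # Alice and Bob try to hand the real capabilities to Carol.
        k.transfer("alice", "carol", a)
        k.transfer("bob", "carol", b)
        transferred = True
    except PermissionError:
        transferred = False
    return via_proxies, transferred, k.amplify("carol", a, b)
```

`scenario` returns three values: whether amplification succeeded through proxies, whether the transfer was allowed, and whether Carol could amplify afterwards. Under a different assumption, where the operation accepts anything that forwards to the genuine capabilities, the first value would differ.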