[cap-talk] What are caps good for? "Encapsulation"? POLA vs. confinement - long, but with some meat

Karp, Alan alan.karp at hp.com
Fri May 14 16:09:49 EDT 2004 

Jed Donnelley wrote:
> 
> Just to try to further clarify this example (whose relevance 
> seems a bit 
> limited to me),
> will this rights amplification succeed or fail if Alice and 
> Bob both proxy 
> their capabilities to Carol
> (rather than transfer them directly in apparent violation of 
> the delegation 
> restriction)?
> 

It will fail even if they both proxy since no single request can carry both capabilities.

________________________
Alan Karp
Principal Scientist
Technical Computing Research Group
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp


> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org 
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of Jed Donnelley
> Sent: Friday, May 14, 2004 10:13 AM
> To: General discussions concerning capability systems.
> Subject: RE: [cap-talk] What are caps good for? 
> "Encapsulation"? POLA vs. confinement - long, but with some meat
> 
> 
> At 10:04 AM 5/12/2004, Karp, Alan wrote:
> > > -----Original Message-----
> > > From: cap-talk-bounces at mail.eros-os.org
> > > [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of
> > > Jonathan S. Shapiro
> > > Sent: Wednesday, May 12, 2004 4:08 AM
> > > To: General discussions concerning capability systems.
> > > Subject: RE: [cap-talk] What are caps good for?
> > > "Encapsulation"? POLA vs. confinement - long, but with some meat
> > >
> >                                 (snip)
> > > >
> > > > What about rights amplification?
> > >
> > > I'm confused. What does this have to do with a "do not share"
> > > or "do not copy" bit?
> >
> >I was trying to find an example where preventing delegation 
> is useful even 
> >when you can't prevent proxying.  If some operation succeeds 
> only when two 
> >capabilities are presented, then giving one capability to 
> Alice and the 
> >other to Bob doesn't give Carol the authority even if both 
> Alice and Bob 
> >are willing to proxy for Carol.  Carol only gets the 
> permission if both 
> >Alice and Bob transfer their capabilities to her.  Enforcing 
> the "do not 
> >delegate" bit prevents this transfer.
> >                                 (snip)
> > >
> > > shap
> >________________________
> >Alan Karp
> 
> Just to try to further clarify this example (whose relevance 
> seems a bit 
> limited to me),
> will this rights amplification succeed or fail if Alice and 
> Bob both proxy 
> their capabilities to Carol
> (rather than transfer them directly in apparent violation of 
> the delegation 
> restriction)?
> 
> --Jed http://www.nersc.gov/~jed/ 
> 
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Alan H Karp.vcf
Type: application/octet-stream
Size: 774 bytes
Desc: not available
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20040514/b318f65e/AlanHKarp.obj

More information about the cap-talk mailing list