[cap-talk] the prize - risks w. "password capabilities", "path based"

Karp, Alan H alan.karp at hp.com
Wed Oct 27 00:19:50 EDT 2004

Jed Donnelley wrote:
> If it is Bob that communicates the capability to David then Bob can
> do that in any system.  Bob just does (or gets as a service) 
> transparent
> proxying of the capability so that he can pass the proxied capability
> to David.
One difference was that the proxying was done by Bob's machine without
involving the process I've been calling Bob.  Hence, the process Bob
would just pass the capability to David and didn't need to set up a
special object to proxy it.
> Perhaps this is again a terminology issue, but I would say that at
> the point the "introduction" happened (be careful about the reflector
> problem) the capability that Bob had was passed to David.  I assume
> at that point David and Bob both have the same rights to the resource.
In general, yes.  One aspect of the introduction process was that Alice
could choose to send David the same capability, a weaker one, or even a
stronger one.
> Another thing that appears to differ in your model is the notion of
> a "connection".  Do you assume such connections are set up
> on a long term basis for the purposes of servicing capability
> requests (invocations)?  Why?  Is that part of the underlying
> rights communication protocol?
Long-lived connections were a fundamental part of e-speak.  That's one
reason Alice might choose to refuse an introduction; she couldn't or
didn't want to support another connection.  An important part of the
communications protocol was an authentication step so that each side
knew who it was talking to.  This information was used to enforce
machine-wide policies.  That's probably our enterprise background
showing again.
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20041026/d875b8b6/KarpAlanH.vcf

More information about the cap-talk mailing list