[cap-talk] Comments on a paper
Kevin Reid
kpreid at attglobal.net
Sat Jul 2 00:05:45 EDT 2005
On Jul 1, 2005, at 21:52, David Hopwood wrote:
> Kevin Reid wrote:
>> By Alice building the forwarders, which Bob would otherwise host and
>> give to David and Edward, into her service.
>>
>>   interface SpaceProvider {
>>     to claim() :Space
>>     to subdivide(portion :Number, label :String) \
>>       :Tuple[SpaceProvider, Log, Revoker]
>>   }
>>
>> The 'subdivision' SpaceProvider, hosted by Alice, remembers its
>> 'parent', and so Alice can note the complete 'delegation' path for
>> each request.
>
> That's exactly the approach I was thinking of.
>
>> (Without further protocol, Alice has only Bob's word for who the
>> subdivision is being given to. This can be changed.)
>
> Indeed, for example:
> - Alice provides a random challenge, which Bob forwards to Dave
> - David seals/brands it together with his resource request, and sends
> it back to Bob who forwards it to Alice.
>
> So we need something like cryptographic sealers or branding for this,
> but it's still a capability-based design with all the usual
> cap-security properties.

I'd do something more like this:

  interface SpaceProvider {
    to claim() :Space
    to subdivide(portion :Number, label :String, recipient) \
      :Tuple[Log, Revoker]
  }

where 'recipient' presents the interface of an E Resolver. Alice could
then check if something already known to her acknowledges it as a
representative (such as in the vouching messages of ERTP), and record
that subdivision as belonging to Dave-as-Alice-knows-him.

Since Alice has verified the recipient as being an agent of Alice's
Dave, Alice may then assume Alice's Dave authorized any use of that
subdivision (rather than Bob-and-his-unnamed-delegates), even though
Bob made the decision to grant it to Bob's Dave.

If Alice does not recognize the recipient, she could reject the
request, or record the new subdivision as being for Bob's "Dave" (from
the label parameter), just as in the previous version of the protocol.

--
Kevin Reid <http://homepage.mac.com/kpreid/>
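
Added example, not part of the message above or of any cap-talk code: a JavaScript sketch of the subdivide-with-recipient variant, in which Alice resolves the recipient to the new subdivision and attributes it either to a principal she already knows or to the granter's label. All names (makeProvider, makePrincipal, acknowledges, received, demo) are hypothetical, and the vouching check is reduced to an identity test on the resolver object.

```javascript
// Added sketch; all names are hypothetical. `known` maps Alice's own names to principals.
function makeProvider(known, size, path, record) {
  let free = size;
  return {
    claim() {
      record({ op: "claim", size: free, path }); // full delegation path
      const space = { size: free, path };
      free = 0;
      return space;
    },
    subdivide(portion, label, recipient) {
      if (!(portion > 0 && portion <= free)) throw new Error("bad portion");
      // Does a principal Alice already knows acknowledge this resolver?
      const hit = [...known].find(([, p]) => p.acknowledges(recipient));
      // If not, record it under the granter's label, as the granter's word only.
      const holder = hit ? hit[0] : `${path[path.length - 1]}'s "${label}"`;
      free -= portion;
      const log = [];
      const inner = makeProvider(known, portion, [...path, holder],
        (e) => { log.push(e); record(e); });
      let live = true;
      const guard = (f) => (...a) => { if (!live) throw new Error("revoked"); return f(...a); };
      // The subdivision goes to the recipient; the granter gets log and revoker.
      recipient.resolve({ claim: guard(inner.claim), subdivide: guard(inner.subdivide) });
      return [log, { revoke() { live = false; } }];
    },
  };
}
// A principal mints resolvers and can later acknowledge them as its own.
function makePrincipal() {
  const mine = new WeakSet();
  let received = null;
  const makeRecipient = () => {
    const r = { resolve(v) { received = v; } };
    mine.add(r);
    return r;
  };
  return { makeRecipient, acknowledges: (r) => mine.has(r), received: () => received };
}

// Constructed scenario: Bob grants once to the Dave Alice knows, once to a stranger.
function demo() {
  const dave = makePrincipal(), stranger = makePrincipal();
  const known = new Map([["Dave", { acknowledges: dave.acknowledges }]]);
  const aliceLog = [];
  const bobs = makeProvider(known, 100, ["Bob"], (e) => aliceLog.push(e));
  const [log, revoker] = bobs.subdivide(30, "Dave", dave.makeRecipient());
  bobs.subdivide(20, "Dave", stranger.makeRecipient());
  return { dave, stranger, log, revoker, aliceLog };
}
```

Both grants carry the same label, but only the first is recorded under Alice's own name for Dave; the second is recorded as Bob's "Dave".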