[cap-talk] Comments on a paper - resource "claims"

Nick Szabo szabo at szabo.best.vwh.net
Wed Jul 6 01:47:16 EDT 2005


Jed at Webstart wrote: 
>...LLNL...

With all due respect, it's doubtful that security developed for a 
hierarchical organization, full of trust third parties (bosses, 
systems administrators, etc.) is applicable to the Internet.

> ... "claim" to share writable access to a file with more than one user.
> Who has the "claim" to the storage?  I think one can argue that any
> or none do.  It gets even more complex as the resource becomes less
> physical and more logical - e.g. a directory (consider an insert only
> capability to a directory shared among multiple users) or a database.

There are a large class of these kinds of problems that can't be
done securely across trust boundaries, at least not without
fancy cryptography.

> ...I suggest the simpler approach of accounting for the costs
> of the base resource and allowing access to it in any potentially
> complex manner that seems desirable (e.g. DB table restrictions,
> directory access controls, etc., etc.).  Any time the costs of the base
> resource stop being paid for - the resource disappears, regardless of
> the logical sharing at a higher level (consider processor resources in
> this regard).

Scarce objects are the most straightforward way to conserve the 
base resource across trust boundaries.  But no known approach across trust 
boundaries solves problems like the two writers corrupting each other's data.

Nick Szabo
http://szabo.best.vwh.net


More information about the cap-talk mailing list