[cap-talk] Where capabilities fall short - determining the invoker
Toby Murray
toby.murray at dsto.defence.gov.au
Wed May 25 20:08:24 EDT 2005
Karp, Alan H wrote:
>For those cases
>where "who" matters, you don't need to do anything to the capabilities.
>Just add an identification parameter to the API. You'll need to figure
>out how to interpret that information, which can be hard when crossing
>administrative domains, but that doesn't mean that the information is
>never useful.
>
>
>
Could you give an example?
Is this identifiation parameter supplied by the caller. If so, how is it
"authenticated" by the client? In order to authenticate this parameter
doesn't it need to come from a trusted third party (eg. the kernel)? Or
am I misunderstanding you.
>________________________
>Alan Karp
>Principal Scientist
>Virus Safe Computing Initiative
>Hewlett-Packard Laboratories
>1501 Page Mill Road
>Palo Alto, CA 94304
>(650) 857-3967, fax (650) 857-7029
>https://ecardfile.com/id/Alan_Karp
>http://www.hpl.hp.com/personal/Alan_Karp
>
>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>cap-talk mailing list
>cap-talk at mail.eros-os.org
>http://www.eros-os.org/mailman/listinfo/cap-talk
>
>
--
Toby Murray
Software Engineer
Advanced Computer Capabilities Unit
Information Networks Division
DSTO, Australia
IMPORTANT: This e-mail remains the property of the Australian Defence
Organisation and is subject to the jurisdiction of section 70 of the
Crimes Act 1914. If you have received this e-mail in error, you are
requested to contact the sender and delete the e-mail.
More information about the cap-talk
mailing list