[cap-talk] securing a capability based chat program.
John Carlson
john.carlson3 at sbcglobal.net
Wed Nov 23 04:22:42 EST 2005
Here is the design of my chat program; I am having problems
securing it properly. The problem is that I have no way
of both providing the Avatar in a Message, yet still protecting
Avatars from abuse. I would like to be able to use the Avatar
in a public conversation or log to contact people to create a
private conversation. However, I don't want a hacker to be
able to use my Avatar to send messages. It's almost like I
need PKI to project both a private and public personas. I can
sign messages with my private key, so people know it is from
me. Does anyone see another solution?
I also need some way of sticking a private conversation in
the Account object and at the same time, avoid giving away
the Account. I guess I could set a list in the Avatar object
that would indicate the new Avatars to create Private
Conversations for.
My implementation strategy is to use YURLs. I will experiment
with lists. Obviously using method capabilities would be easiest.
How do I prevent Waterken from displaying certain capabilities
in the XML? Say I only want to give myAccount.addPrivateConveration()
away and not all the other methods when someone requests an object
Should I create a facet? How does this help?
Administrator has
Accounts
Server
Account has
Private Conversations
Server
Private key
Avatars (mine)
Private Conversation has
Messages
Avatars (members)
Server has
Public Conversations
Public Conversation has
Messages
Avatars (members)
Message has
Avatar (sender)
optional Text
optional typed Stream
Avatar has
Public key
New Private Conversation Avatars (for this avatar owner)
More information about the cap-talk
mailing list