[cap-talk] Capability levels (simple summary fore and aft, DEMOS example between)
Mark Miller
erights at gmail.com
Wed Aug 16 18:14:37 EDT 2006
On 8/16/06, Jed at Webstart <donnelley1 at webstart.com> wrote:
> I think it's important to ask and answer questions such as:
>
> "What's wrong with a network level implementation?" (e.g. password
> capabilities like YURLs). Whatever is wrong, can it be remedied at the network
> level? If not, why not?

If you are asking, in what way are caps-as-data weaker than
object-caps, then please see Section 11.5 of my thesis: "The Limits of
Decentralized Access Control".

> If not, then doesn't that mean that any capability mechanism
> implemented at a lower level that remedies a perceived deficiency at the
> network level CAN'T be extended to the network level?

Yes, object-caps can't be extended transparently to open networks.
However, they can be extended non-transparently, as the remote
confinement example in section 11.5.1 illustrates. A related
distributed confinement example can be found at
http://www.erights.org/elib/capability/dist-confine.html
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM