[cap-talk] Communicating Conspirators impossibility statements
Jed at Webstart
donnelley1 at webstart.com
Tue Aug 29 17:26:24 CDT 2006
Mark,
I noticed in your page:
http://www.erights.org/elib/capability/conspire.html
a section: "Other Statements of the Same Impossibility".
I'd like to draw your attention to this statement:
http://www.webstart.com/jed/papers/Managing-Domains/#s6 (1981)
substantively:
"To see the difficulty of restricting capability passing
<delegation>, we need only consider processes A, B, and S pictured in
fig. 3. Suppose that A has a capability to a resource serviced by S.
Also suppose that A can communicate with B (if not, then A cannot
pass anything to B, so no special capability-passing restriction is
necessary). If a monitoring OS kernel has denied the mechanism for
passing direct access to a resource from A to B, A can still give B
the right to indirect access. A can simply have B send all its
service requests to A for forwarding to S. A will also have to return
the results of such requests to B."
<here's figure 3:
http://www.webstart.com/jed/papers/Managing-Domains/Figure-3-50.gif >
which I believe is the same statement with the same 'proof' as that
from your "conspire" page.
If you believe there are substantive differences I'd be interested to
hear what they are.
I believe you'd find that Managing Domains paper of general interest,
particularly from section 4:
http://www.webstart.com/jed/papers/Managing-Domains/#s4
on for a bit (e.g. through section 13 or 14) if you haven't taken
time to read it.
--Jed http://www.nersc.gov/~jed/
More information about the cap-talk
mailing list