[cap-talk] - Karp - Capabilities - tracking responsibility
Jed Donnelley
jed at nersc.gov
Tue Dec 5 13:25:33 CST 2006
At 06:38 AM 12/5/2006, Karp, Alan H wrote:
>Jed wrote:
> >
> > Still, I've never seen any means for tracking access based
> > on identity in capability systems.
>
>Both Client Utility and the e-speak product provided for such audits.
>The e-speak product used the digital signatures on SPKI certificates.
>Client Utility used management events generated by the Core, which
>mediated all requests between clients.
I need to find out more about how this works. Perhaps you can point me
to more documentation or we could iterate a bit here. Either way, but I'll
start down the iteration route:
1. Regarding e-speak, do you suggest that there is a certificated
handshake involved in every exercise of a permission (invocation
of a capability)? That is every request has an identity associated
with it (even if not for access control purposes)?
2. In the second case I guess it's the clients that are identified?
Are clients people, process, or what?
In general are the identities above people or processes
(active objects, executing programs)?
--Jed http://www.webstart.com/jed/
More information about the cap-talk
mailing list