[cap-talk] - Karp - Capabilities - tracking responsibility
Karp, Alan H
alan.karp at hp.com
Tue Dec 5 20:16:10 CST 2006
Jed wrote:
>
> I need to find out more about how this works. Perhaps you can point me
> to more documentation or we could iterate a bit here. Either way, but I'll
> start down the iteration route:
>
You can start from the e-speak link on my home page. There are
architecture documents and an overview document. Or, you can do what
MarkM, MarcS, and Ping did. Sit and listen to me go through it for
three days :)
>
> 1. Regarding e-speak, do you suggest that there is a certificated
> handshake involved in every exercise of a permission (invocation
> of a capability)? That is every request has an identity associated
> with it (even if not for access control purposes)?
>
Yes, but it was so expensive (3-5 seconds on a 500 MHz machine) that the
results were cached. The essential point is that certificates were
issued to private keys. How people interpreted them was not specified.
>
> 2. In the second case I guess it's the clients that are identified?
> Are clients people, process, or what?
Processes that have connected to the Core. The rights those processes
got depended on their authentication. Each authentication was tied to a
Protection Domain, which contained the c-list among other things. We
never specified exactly what an authentication meant, though.
>
> In general are the identities above people or processes
> (active objects, executing programs)?
>
They are Clients. What the identities mean is up to the person running
the system. We normally assume they can ultimately be tied to people,
but that need not be the case.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of Jed Donnelley
> Sent: Tuesday, December 05, 2006 11:26 AM
> To: General discussions concerning capability systems.
> Subject: Re: [cap-talk] - Karp - Capabilities - tracking responsibility
>
> At 06:38 AM 12/5/2006, Karp, Alan H wrote:
> >Jed wrote:
> > >
> > > Still, I've never seen any means for tracking access based
> > > on identity in capability systems.
> >
> >Both Client Utility and the e-speak product provided for such audits.
> >The e-speak product used the digital signatures on SPKI certificates.
> >Client Utility used management events generated by the Core, which
> >mediated all requests between clients.
>
> I need to find out more about how this works. Perhaps you can point me
> to more documentation or we could iterate a bit here. Either way, but I'll
> start down the iteration route:
>
> 1. Regarding e-speak, do you suggest that there is a certificated
> handshake involved in every exercise of a permission (invocation
> of a capability)? That is every request has an identity associated
> with it (even if not for access control purposes)?
>
> 2. In the second case I guess it's the clients that are identified?
> Are clients people, process, or what?
>
> In general are the identities above people or processes
> (active objects, executing programs)?
>
> --Jed http://www.webstart.com/jed/
>
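A minimal model of the Client Utility arrangement described in this thread (a Core that mediates all requests, each authentication tied to a Protection Domain holding the c-list, and management events usable for audit), added here as an example; it is not part of the original messages and is not Client Utility or e-speak code. The class names, the credential strings and the `verify` callable are assumptions, and the cached authentication only mirrors the caching mentioned above for the expensive e-speak handshake.

```python
# Hypothetical model for illustration; not the Client Utility or e-speak API.
from dataclasses import dataclass, field

@dataclass
class ProtectionDomain:
    client_id: str                              # opaque label; its meaning is up to the operator
    clist: dict = field(default_factory=dict)   # index -> (resource, allowed operations)

class Core:
    """Mediates every request and records a management event for each one."""
    def __init__(self, verify):
        self._verify = verify     # expensive authentication check (assumed callable)
        self._domains = {}        # credential -> ProtectionDomain, cached after first check
        self.events = []          # audit trail: (client, resource, op, allowed)
        self.verify_calls = 0

    def connect(self, credential):
        if credential not in self._domains:
            self.verify_calls += 1
            client_id = self._verify(credential)
            if client_id is None:
                raise PermissionError("authentication failed")
            self._domains[credential] = ProtectionDomain(client_id)
        return self._domains[credential]

    def grant(self, credential, index, resource, ops):
        self.connect(credential).clist[index] = (resource, frozenset(ops))

    def invoke(self, credential, index, op):
        pd = self.connect(credential)
        entry = pd.clist.get(index)
        allowed = entry is not None and op in entry[1]
        # The decision uses only the c-list; the event still names the client.
        self.events.append((pd.client_id, entry[0] if entry else None, op, allowed))
        if not allowed:
            raise PermissionError(f"no capability for {op!r} at index {index}")
        return f"{op} on {entry[0]}"

def demo():
    known = {"key-A": "client-A", "key-B": "client-B"}   # constructed credentials
    core = Core(known.get)
    core.grant("key-A", 0, "printer", {"print"})
    core.invoke("key-A", 0, "print")
    try:
        core.invoke("key-B", 0, "print")   # client-B holds no capability at index 0
    except PermissionError:
        pass
    return core
```

Calling `demo().events` yields one allowed and one denied event, each attributed to the client whose Protection Domain was used, while `verify_calls` shows that each credential was authenticated only once.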