[cap-talk] In Defense of Identities
Jed at Webstart
donnelley1 at webstart.com
Wed Dec 6 15:19:35 CST 2006
At 09:09 AM 12/6/2006, Marc Stiegler wrote:
>Jonathan S. Shapiro wrote:
> > On Tue, 2006-12-05 at 12:12 -0600, Karp, Alan H wrote:
> >> I contend there are better ways to achieve your goal than introducing
> >> ACLs.
> > Quite probably.
> > But are there more *marketable* ways?
>To whom are you planning to market this stuff? Are you planning to
>market it to real people, for whom the avalanche of passwords and certs
>is now a laughing matter (I'm starting to see passwords appear more
>often as jokes in television ads)? Or are you planning to sell it to the
>traditional security community so they can point and say, "see, even the
>capability folk acknowledge that, for real problems, you need acls"?
It is exactly at this last point, "for real problems, you need acls",
that I'm addressing this responsibility tracking mechanism. I argue
that for real problems object-capability semantics are more effective
all the way up and down the chain of "reality" of 'problems'.

I believe that it's actually delegation scenarios that we're talking
about here. As the HP folks so eloquently described in their
Google presentations on object-capabilities, permission delegation
is an absolutely fundamental requirement to enable any human or machine
(acting on behalf of humans) commerce.

I'm happy to defend identities, and I believe I've done so with this
responsibility tracking, which does use identities. As we've discussed,
such responsibility tracking can be done with object-capability
semantics, regardless of the implementation (e.g. even with
an underlying ACL mechanism if that's most appropriate).