[cap-talk] SPAM-LOW: Re: In Defense of Identities - really not
Sandro Magi
smagi at higherlogics.com
Wed Dec 6 16:04:39 CST 2006
Jonathan S. Shapiro wrote:
> This is exactly what you do *not* want. You want the *ability* to do
> this, but not the mandate to do this. There is value (in the form of a
> barrier cost created by the need to proxy) in controlling delegation --
>
Combined with local naming (ie. you can only add to an ACL you hold, a
subject to which you also hold an unforgeable identifier), Jed's idea is
essentially capability semantics. Your suggestion seems to boil down to
capabilities with a do-not-delegate flag by default. Are you arguing
against capabilities in the context of OpenCM, or making a more general
statement?
Sandro
> and especially so in a shared system like OpenCM where user sessions are
> intentionally very short and there is no ability for users to introduce
> code (therefore no ability to proxy).
More information about the cap-talk
mailing list