[cap-talk] On revocation and the use of wrappers and In Defenseof Identities
Marcus Brinkmann
marcus.brinkmann at ruhr-uni-bochum.de
Thu Dec 7 07:57:53 CST 2006
At Wed, 6 Dec 2006 23:17:12 -0600,
"Karp, Alan H" <alan.karp at hp.com> wrote:
>
> Marcus Brinkmann wrote:
> >
> > There is also the further consideration that unwanted or unnecessary
> > information leakage, even if harmless, seems to indicate a design
> > flaw. Often, such fine points generate a lot of traction if they are
> > viewed under a system design perspective. Or in other words: Who am I
> > to compromise? :)
> >
> This information leakage is under the control of the delegator. The
> delegator can always assume responsibility by directly handing off the
> capability or chosing to proxy requests.
In other words, the delegator has three bad choices, instead of a
single good one.
> The server can always refuse if a given capability has been delegated
> too many times.
As Neal said. Or: "What's too many?" [1]
Thanks,
Marcus
[1] 42, of course.
More information about the cap-talk
mailing list