[cap-talk] On revocation and theuse ofwrappers andIn DefenseofIdentities
Marcus Brinkmann
marcus.brinkmann at ruhr-uni-bochum.de
Sun Dec 10 20:42:12 CST 2006
At Sun, 10 Dec 2006 17:20:23 -0600,
"Karp, Alan H" <alan.karp at hp.com> wrote:
>
> Marcus Brinkmann wrote:
> >
> > Unless there is some clever cryptographic protocol I am missing, it
> > seems to me that storage consumption in the server is necessary to
> > support revocable delegation (with or without identity tracking) in a
> > loosely connected network. In that case, I think we may agree after
> > all.
> >
> Normally, a delegator wanting to be able to revoke sets up the
> caretaker. In the example, Alice would give Bob a reference to an
> object on Alice's machine that Alice could use to revoke. None of
> Carol's resources are involved.
This can be a viable design pattern. However, I would not normally
call this revocable delegation, but just proxying. The details of
what either one means are still unclear (or at least there are many
alternatives), but I think that everybody agrees that there is a
difference. For example, it seems clear that such a proxy would never
eq? the proxied capability.
Now, who again was volunteering to write a capability dictionary? :)
Thanks,
Marcus
More information about the cap-talk
mailing list