[cap-talk] (Was: Iguana) Do not grant to what or whom?
Karp, Alan H
alan.karp at hp.com
Wed Jan 4 11:37:41 EST 2006
John C. McCabe-Dansted wrote:
> If the standard way of delegating rights is to proxy,
> programmers will quickly
> learn that doing the "right" thing leads to every request
> having to go
> through a huge chain of proxies. Rather than write slow and unusable
> software, they will simply do the "wrong" thing and only drop
> rights if it is
> the only way to fix a known security hole (and maybe not even then).
Exactly right. In Client Utility (e-speak Beta) proxying was the only
way to delegate between machines. Because of the potential impact of
long chains, we allowed an entity to "introduce" its neighbors on the
chain. This shortening could be recursive, so you could end up with the
same result as a direct delegation.
> However it seems that was just an disagreement over an
> implementation detail?
I would say so, but I bet Jed believes the disagreement is a deeper
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://eros.cs.jhu.edu/pipermail/cap-talk/attachments/20060104/01e3bd86/KarpAlanH.vcf
More information about the cap-talk