[cap-talk] network level designation and authorization
Stiegler, Marc D
marc.d.stiegler at hp.com
Fri Jun 9 14:03:14 EDT 2006
> > With these mini-vpns, Bob must either forward all messages back and
> > forth (a problem since file1 is a big file, lots of bits moving in the
> > triangle), or Bob must have additional authorities with Carol and
> > Alice to create a new vpn connection between Carol and Alice.
>
> yes, resource discovery and transitive introduction is
> something i'll have to read up on in CapTP before i can say
> what essential differences might be encountered in a PVC vs.
> CapTP interaction.
>
> again, i think in some cases this proxy requirement might be desired
> (revocability) and in others it might not (transitive
> introduction for direct peering).
You are correct, proxying is sometimes desirable and sometimes not. The
key to victory is to support all the variations on this 3-person
scenario easily. A good exercise might be to go through all the patterns
in the Picturebook of Secure Cooperation (find it with Google) and see
how easily each of these patterns can be implemented with your system. I
don't think there's a single pattern there that would take more than a
page of Java to implement in a single-cpu-single-thread situation, and
if you can implement it in Java in one page for single-thread, you can
implement it in E in one page for a distributed multivat (uh, maybe an
extra half-page for the setup of initial connections; for both Java and
E I am assuming non-persistence, i.e., if the machines go down you lose
the state).
--marcs