[cap-talk] Capabilities - the rub
John Carlson
john.carlson3 at sbcglobal.net
Fri Nov 10 00:34:55 CST 2006
On Nov 9, 2006, at 9:12 PM, Mark S. Miller wrote:
> John Carlson wrote:
>> Eric Jacobs wrote:
>>> Jed at Webstart wrote:
>>>> If you run on a capability infrastructure you can remove the
>>>> account,
>>> Simple: revoke the proxy that you originally created for the
>>> account.
>> Must you "pass" the account to every single call to the kernel?
>
> What's an account?
Something that gives you the capability to use the capability
infrastructure kernel.
An account is all the capabilities that the user has access to that
you care about.
If that's only one capability, as I was suggesting, then things are
easy. But I don't think that would be a very secure system in most
people's minds. Thus, I want to find out more about the supervisory
thing.
I can imagine a Java class like:
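    class Account {
        // method: name of the infrastructure operation; args: its arguments
        public void callInfrastructure(String method, String... args) {
            // body not given in the original message
        }
    }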
Where methods are difficult-to-guess strings.
LOL.
John
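
The "revoke the proxy" idea from the quoted reply, combined with the single Account entry point sketched in the message, as an added example that is not part of the original post or of any capability kernel. All names (Infrastructure, Caretaker, the "alice" owner, the sample path) are hypothetical and constructed for illustration.

```java
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicReference;

public class RevocableAccountDemo {
    // Hypothetical interface: the only way a client reaches the infrastructure.
    interface Infrastructure {
        String call(String method, String... args);
    }

    // The real account. Clients never receive a direct reference to it.
    static final class Account implements Infrastructure {
        private final String owner;
        Account(String owner) { this.owner = owner; }
        @Override public String call(String method, String... args) {
            return owner + " -> " + method + Arrays.toString(args);
        }
    }

    // Caretaker pattern: 'proxy' is handed to the client, 'revoke' stays
    // with whoever created the account. The two are separate objects, so
    // holding the proxy confers no ability to revoke (or un-revoke) it.
    static final class Caretaker {
        final Infrastructure proxy;
        final Runnable revoke;
        Caretaker(Infrastructure target) {
            AtomicReference<Infrastructure> slot = new AtomicReference<>(target);
            proxy = (method, args) -> {
                Infrastructure t = slot.get();   // single read: no check/use race
                if (t == null) throw new IllegalStateException("account revoked");
                return t.call(method, args);
            };
            revoke = () -> slot.set(null);       // drops the only path to the account
        }
    }

    public static void main(String[] argv) {
        Caretaker c = new Caretaker(new Account("alice"));  // constructed sample
        Infrastructure held = c.proxy;           // all the client ever holds
        System.out.println(held.call("read", "/tmp/notes"));
        c.revoke.run();                          // "remove the account"
        try {
            held.call("read", "/tmp/notes");
        } catch (IllegalStateException e) {
            System.out.println("after revoke: " + e.getMessage());
        }
    }
}
```

The client calls through the reference it already holds, so no separate account argument is passed per call, and revocation takes effect for every copy of the proxy at once.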