[cap-talk] Manipulating an object with a secondary reference

[Mark S. Miller]

Micah Brodsky wrote:
> I did a bounded depth first search of sorts from that link, and it helped a
> lot, but I'm still a bit unclear on how you actually implement a
> synergy-style rights amplification mechanism -- i.e. how you implement the
> magic black box that can pull out a more powerful capability. 


Some other interesting links can be found starting from:

<http://www.google.com/custom?cx=000392378982602007030%3A4i4vpd1mcjo&q=sealer+unsealer+marcs+ping&sa=Search&cof=GFNT%3A%23000000%3BGALT%3A%23008000%3BLH%3A70%3BCX%3AABACUS%253A%2520Authorization-based%2520Access%2520Control%2520for%2520Usable%2520Security%3BVLC%3A%23663399%3BLW%3A100%3BDIV%3A%23336699%3BFORID%3A1%3BT%3A%23000000%3BALC%3A%230000CC%3BLC%3A%230000CC%3BS%3Ahttp%3A%2F%2F%3BL%3Ahttp%3A%2F%2Fwww%2Eerights%2Eorg%2Fimages%2Fgranovetter%2Epng%3BGIMP%3A%23000000%3BLP%3A1%3BBGC%3A%23ffeedd%3BAH%3Aleft&hl=en&client=pub-5301282303422208>

(I got this by typing "sealer unsealer marcs ping" into the new ABACUS[*] 
search box on the <http://www.erights.org/> home page. If the above URL is 
mangled by email, that's probably easier than trying to repair it.)


Do you do
> things like have a method on the weaker capability that takes in a "synergy
> partner" capability, does some sort of equality or instance-of test on it,
> and then returns the more powerful facet of itself?


Yes, that's a good way. Two examples of that technique can be found about two 
thirds of the way into
<http://www.erights.org/elang/kernel/auditors/>.
The first of these examples has an interesting bug which the second corrects.

A more elaborate form of this technique can be found at
<http://www.eros-os.org/pipermail/e-lang/2005-August/010925.html>
which I found by following the above search link.

[*] ABACUS = Authorization-based Access Control for Usable Security.

-- 
Text by me above is hereby placed in the public domain

     Cheers,
     --MarkM