[cap-talk] Capabilities - the rub, identity

Jed at Webstart donnelley1 at webstart.com
Fri Nov 17 20:52:36 CST 2006


At 10:31 PM 11/15/2006, John Carlson wrote:
> >
> >
> > If you argue that it should then it seems that all capabilities must
> > be labeled at least with a person (like an identifier) so they can be
> > revoked when the account is removed.  This would be a very strong
> > sort of membrane like facility for all users.  I've never seen such
> > implemented.  Others?
> >
>I haven't seen anything implemented, but when I brought up the
>issue of having a bunch of capabilities on a web page, and how
>would you manage that, it was suggested that you could provide
>the links on the web page, but the actual capabilities would not
>appear on the document, but would be an addendum.  Thus,
>you could use a 2-factor capability...one factor being the account
>capability, and the other being the capability that you want to
>exercise.

"account capability"?  Where did an "account capability" come into
the picture?  Are you referring to some sort of identity?

I can see a push vs. pull issue here (if I push a capability to you
I can label it as delegated to you - if you pull it from a shared area
then I have to depend on you doing so with some validated
identity in order to get it appropriately labeled as delegated to
you).  Perhaps we can bring this up on the other more focused
"Capabilities - the rub, an account" thread:

http://www.eros-os.org/pipermail/cap-talk/2006-November/005885.html

--Jed http://www.webstart.com/jed/ 



