[cap-talk] Capabilities - the rub, identity

John Carlson john.carlson3 at sbcglobal.net
Sat Nov 18 13:58:38 CST 2006


>>
>> "account capability"?  Where did an "account capability" come into
>> the picture?  Are you referring to some sort of identity?
>>
>
>> From the description, it sounds like he's referring to what you would
> call a directory. His "2-factor capability" is then simply the  
> directory
> capability + the index/name into the directory.
>
> Sandro

I'm not so sure it's like a directory, unless the directory is like a  
class
with instances in it.  I am just saying the object reference has two  
pieces
to it, like a YURL might.  I'm not saying they have to be distinct  
pieces
of the YURL, just that there's some algorithm to pull out the account
if the kernel requires it.  It might be transparent to the user.  It  
might
be a signature or an encrypted piece of text, similar to managing  
domains,
section 13.

Maybe we should try to clairify the difference between capabilities
and public key encryption, since Jed has married them in my brain.

My understanding is that the capability is what is encrypted or signed.
encrypting or signing something doesn't alone give you any authority.

Thus the 2-factor capability is the marriage between your public key
identity and the normal capability.  They must go together to allow
the system to work.

The capability must be signed by the system for it to be used as a  
capability.
The system will only honor capabilities that are signed by an account
holder, and that account must be in the system's public key ring- AN  
ACL!

I'm getting tired of treating capabilities separately from ACLS when  
they
can be clearly used together.  Read Jed's paper!

Argh!  No wonder everyone's frustrated with capability people!

John


More information about the cap-talk mailing list