[cap-talk] Capabilities vs. identity/acl - the rub, rub, rub
Karp, Alan H
alan.karp at hp.com
Wed Nov 22 10:27:58 CST 2006
> Have you ever actually received a capability in an email?
> By "actually" I mean a permission to access something that
> wasn't assumed to be accessible by the whole world?
> Not a copy (e.g. the file in an email example), not a URL
> open to the world, but shared and limited access or an object?
It's happening more and more. Book a car at Hertz.com. You'll get an
email with a URL containing your "unguessable" confirmation number.
Click on that link, and you can change that reservation. The recent
SIAM election was done via email. Members received emails with
unguessable URLs that took them directly to their ballots. My mail
order prescription plan takes the "unguessable" prescription number as
the authority to order a refill. Each of these is an example of a
"permission token that can be communicated".
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029