[cap-talk] Capabilities vs. identity/acl - the rub, rub, rub

Karp, Alan H alan.karp at hp.com
Wed Nov 22 10:27:58 CST 2006


Jed wrote:
> 
> Have you ever actually received a capability in an email?
> By "actually" I mean a permission to access something that
> wasn't assumed to be accessible by the whole world?
> Not a copy (e.g. the file in an email example), not a URL
> open to the world, but shared and limited access or an object?
> 
It's happening more and more.  Book a car at Hertz.com.  You'll get an
email with a URL containing your "unguessable" confirmation number.
Click on that link, and you can change that reservation.  The recent
SIAM election was done via email.  Members received emails with
unguessable URLs that took them directly to their ballots.  My mail
order prescription plan takes the "unguessable" prescription number as
the authority to order a refill.  Each of these is an example of a
"permission token that can be communicated".

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
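
Added example, not part of the original message and not code from any of the services it names: a minimal sketch of the "unguessable URL as permission token" pattern described above. The host name, object ids, action names and the `CapabilityStore` class are assumptions made for illustration.

```python
import hashlib
import secrets

BASE_URL = "https://reservations.example/r/"  # constructed placeholder host


class CapabilityStore:
    """Maps unguessable tokens to one object and a limited set of actions."""

    def __init__(self):
        # Only SHA-256 digests of tokens are kept, so a leaked table
        # does not hand out working URLs.
        self._grants = {}  # digest -> (object_id, frozenset of actions)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def mint(self, object_id, actions):
        """Create a URL whose possession is the authority to act on object_id."""
        token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        self._grants[self._digest(token)] = (object_id, frozenset(actions))
        return BASE_URL + token

    def invoke(self, url, action):
        """Return the object id if the URL authorizes this action, else None."""
        if not url.startswith(BASE_URL):
            return None
        grant = self._grants.get(self._digest(url[len(BASE_URL):]))
        if grant is None or action not in grant[1]:
            return None
        return grant[0]

    def revoke(self, url):
        """Withdraw the permission without touching any account or ACL."""
        self._grants.pop(self._digest(url[len(BASE_URL):]), None)


if __name__ == "__main__":
    store = CapabilityStore()
    # Constructed sample: a reservation the holder may view or change only.
    url = store.mint("reservation-1001", {"view", "change"})
    print(store.invoke(url, "change"))            # holder of the e-mailed URL
    print(store.invoke(url, "cancel"))            # action outside the grant
    print(store.invoke(BASE_URL + "0000", "view"))  # guessed token
    store.revoke(url)
    print(store.invoke(url, "view"))              # after revocation
```

The server never asks who is presenting the URL; anyone the e-mail is forwarded to holds the same limited permission until it is revoked.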
  
 


