[cap-talk] - Karp - Capabilities - tracking responsibility (Was: Bellizzomi - Users in object/capability systems (was: MLS gone bad, Lampson))

Karp, Alan H alan.karp at hp.com
Wed Nov 29 11:46:35 CST 2006

Jed wrote:
> Since I'm not following this fully (I hope we get to discuss it soon),
> let me just ask:  It's easy to see in the above how Tyler can revoke
> Bob's use of the permission.  However, can some third party (e.g.
> an auditor) distinguish accesses by Bob from those by Tyler in
> such a way as to exonerate Tyler from any actions performed
> by Bob?  In that case I'll be interested to hear more how that works.
Depends on what you mean by third party.  Tyler connects to Jed's
machine over authenticated channel A.  Bob connects to Jed's machine
over authenticated channel B.  The owner of Jed's machine, the third
party, knows which channel each request came over.  Hence, the auditor
can distinguish requests made by Tyler from those made by Bob.

Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories 
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 423 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20061129/238349b3/attachment.vcf 

More information about the cap-talk mailing list