[cap-talk] - Karp - Capabilities - tracking responsibility (Was: Bellizzomi - Users in object/capability systems (was: MLS gone bad, Lampson))

Karp, Alan H alan.karp at hp.com
Wed Nov 29 16:07:24 CST 2006

Valerio Bellizzomi wrote:
> >I am assuming that when Tyler uses the capability it is over a
> >to Jed authenticated as Tyler.  Bob uses the capability over a
> >authenticated as Bob.  Since Tyler can't set up a channel to Jed
> >pretending to be Bob, there is no way Tyler can blame Bob for Tyler's
> >actions.
> Are we talking about "non-repudiation" here?

No, audit for assigning responsibility.  Non-repudiation assures Jed
that Bob cannot deny having taken an action that he actually took.
Audit for assigning responsibility assures Tyler that Jed won't blame
Tyler for actions taken by Bob, even if Bob uses a capability that Tyler
gave him.

Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories 
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
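
An added sketch of the audit property described in the message above; it is not code from the thread or from its participants. Jed, Tyler and Bob are the thread's names; the HMAC channel keys (a stand-in for whatever authenticates the channel to Jed), the Jed class, sign(), demo() and the resource name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed per-principal channel keys (assumption: stand-in for channel authentication).
CHANNEL_KEYS = {"Tyler": secrets.token_bytes(32), "Bob": secrets.token_bytes(32)}

def sign(key, cap, action):
    """Tag binding one request to the key of the channel it arrives on."""
    return hmac.new(key, f"{cap}|{action}".encode(), hashlib.sha256).digest()

class Jed:
    """Service that honours capabilities and keeps a responsibility log."""
    def __init__(self, channel_keys):
        self._keys = channel_keys
        self._caps = {}      # capability token -> (resource, original grantee)
        self.audit_log = []  # (authenticated invoker, original grantee, resource, action)

    def issue(self, grantee, resource):
        cap = secrets.token_hex(16)  # unguessable token, usable by whoever holds it
        self._caps[cap] = (resource, grantee)
        return cap

    def invoke(self, claimed, tag, cap, action):
        # Authenticate the channel first: the tag must verify under the
        # claimed principal's key, so Tyler cannot present himself as Bob.
        key = self._keys.get(claimed)
        if key is None or not hmac.compare_digest(tag, sign(key, cap, action)):
            return False
        if cap not in self._caps:
            return False
        resource, grantee = self._caps[cap]
        # Responsibility follows the authenticated channel, not the grantee.
        self.audit_log.append((claimed, grantee, resource, action))
        return True

    def responsible_for(self, resource, action):
        return [who for who, _, res, act in self.audit_log
                if (res, act) == (resource, action)]

def demo():
    jed = Jed(CHANNEL_KEYS)
    cap = jed.issue("Tyler", "report.txt")  # Tyler receives the capability
    # Tyler gives cap to Bob; Bob uses it over a channel authenticated as Bob.
    ok_bob = jed.invoke("Bob", sign(CHANNEL_KEYS["Bob"], cap, "delete"), cap, "delete")
    # Tyler claims to be Bob but holds only his own channel key.
    ok_forged = jed.invoke("Bob", sign(CHANNEL_KEYS["Tyler"], cap, "write"), cap, "write")
    return ok_bob, ok_forged, jed
```

The log entry for Bob's action still records Tyler as the original grantee, so Jed can see where the capability came from while holding Bob responsible for its use.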