[cap-talk] The transitive access problem
Karp, Alan H
alan.karp at hp.com
Wed Aug 1 19:36:42 EDT 2007
David Chizmadia wrote:
>
> While trying to find an online copy of the paper, I also ran
> across the following Grid computing paper that appears to be a good
> reference for your purposes:
>
> http://legion.virginia.edu/papers/delegation.pdf
>
Ah, yes. I remember it ... I've read this paper, but I thought its
mechanisms were a mess. There is one interesting sentence in Related
Work, "There are numerous ways in which to address delegation with
attribute certificates: using a generic attribute certificate as a
capability (similar to Legion's bearer credential),". In the
discussion of Legion bearer credentials, they list a bunch of ways of
delegating a subset of your rights. They include by method and by class
but not by the object instance. Is it any wonder they can't come up
with a usable scheme?
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list