[cap-talk] Comprehensive Security Policies on Capability Systems
John Carlson
john.carlson3 at sbcglobal.net
Mon Jan 15 10:50:49 CST 2007
> but how to use capabilities and
> these patterns to implement a more comprehensive security policy.
> Could anybody point me to some relevant exposés?
>
> Thanks,
> Neal
You mean like how to secure services such as a network file system?
Check out Jed's references. For this, you need some kind of PKI,
like GPG.
I'm not sure anyone has "solved" the public key distribution system.
My institution has someone you go to to get a public/private key, last
I checked. One can always generate one's own key, however. SSH
seems to have done a fairly good job, although I am not aware of
the particulars.
You use the PKI to encrypt the capabilities, leaving the
server-based signature intact so that the server can verify the
capability, and allow the delegate a way to execute the desired method.
I don't believe that Jed's papers describe the distribution method
for capabilities either, since any communication method can be used
to distribute capabilities. I believe his thesis is that people have an
unalienable right to distribute capabilities. However, his design
tells you where the capability has gone when someone exercises
the capability against the service.
I believe the particular section is "Managing Domains" but Jed can
give you the exact link.
John
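
Added example, not part of the original post or of Jed's design: one way to realize the flow described above, where a server-signed capability is encrypted to a delegate's public key and the server later verifies its own signature. Ed25519 for the server signature, RSA-OAEP standing in for the PKI/GPG step, the capability body string, and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewKeys makes the server's signing pair and the delegate's encryption key.
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey, *rsa.PrivateKey, error) {
	pub, priv, err1 := ed25519.GenerateKey(rand.Reader)
	dk, err2 := rsa.GenerateKey(rand.Reader, 2048)
	return pub, priv, dk, errors.Join(err1, err2)
}

// Mint has the server sign a capability body (format assumed); result is body || signature.
func Mint(serverKey ed25519.PrivateKey, body string) []byte {
	return append([]byte(body), ed25519.Sign(serverKey, []byte(body))...)
}

// Wrap encrypts the signed capability to the delegate; the signature inside is untouched.
func Wrap(delegate *rsa.PublicKey, signedCap []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, delegate, signedCap, nil)
}

// Unwrap is run by the delegate to recover the signed capability.
func Unwrap(delegateKey *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, delegateKey, wrapped, nil)
}

// Exercise is the server-side check: verify the server signature, then return the body.
func Exercise(serverPub ed25519.PublicKey, signedCap []byte) (string, error) {
	n := len(signedCap) - ed25519.SignatureSize
	if n < 0 || !ed25519.Verify(serverPub, signedCap[:n], signedCap[n:]) {
		return "", errors.New("capability rejected: bad or missing server signature")
	}
	return string(signedCap[:n]), nil
}

func main() {
	// Constructed sample capability; errors are ignored here only to keep the demo short.
	serverPub, serverKey, delegateKey, _ := NewKeys()
	wrapped, _ := Wrap(&delegateKey.PublicKey, Mint(serverKey, "file:/export/report.txt;method=read"))
	opened, _ := Unwrap(delegateKey, wrapped)
	fmt.Println(Exercise(serverPub, opened))
}
```

The encryption only protects the capability in transit; once unwrapped, the delegate holds a bearer token that the server accepts from anyone who presents it.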