[cap-talk] Fwd: Fwd: HotSec '07
cat at reptiles.org
Sat Jul 7 20:39:49 EDT 2007
On Sat, 7 Jul 2007, Mark Miller wrote:
> The Horton paper directly shows how the most effective approach
> for dealing dynamically with authorization (for mutually
> suspicious processes) can also deal effectively with audit
> and even get ex post facto authorization control.
>> The authors could also compare it to existing reputation-
>> based systems.
> Hmmm. That seems like a good suggestion. I took a quick
> look, but this would seem to require a bit of research.
> One question that it would seem we would need to answer
> would be that of how any other "reputation-based systems"
> deal with access revocation if a subject proves unworthy
> of the authority they have been given - for any reason.
> Horton provides for access revocation via capability
> revocation. How do any other reputation-based systems
> accomplish this most fundamental aspect
Perhaps I'm missing something here, but most reputation-based systems
don't deal with access revocation at all - revocation is handled through
a separate path, and typically only in catastrophic circumstances (and not
even always then - Wikipedia's a fine example of that case, as is eBay).
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet. This is the defining metaphor of my life right now."