[cap-talk] What does the [defense?] security community really fear from capabilities? (was: Support of MLS policies (was Re: NLTSS))
John Carlson
john.carlson3 at sbcglobal.net
Thu Jul 12 22:02:33 EDT 2007
On Jul 12, 2007, at 5:54 PM, Pierre THIERRY wrote:
> Scribit Jed Donnelley dies 12/07/2007 hora 11:18:
>> I really think the most fundamental issue is that of communicating
>> conspirators. That community really hasn't come to grips with the
>> fact that the only way to block (control) communication of a
>> permission (an access right) is to block communication. That access
>> control and confinement are intimately entwined. That if there is
>> two
>> way communication between A and B then A and B can share access
>> rights.
>
> I think this is dangerously overs-simplifying the issue. This is
> probably true in a capability-as-data system, but not in an object
> capability system.
>
> In such a system, A and B may have a two-way communication channel
> where
> a filter object is interposed, that either only let data through or
> let
> capabilities go through based on some criteria.
>
> Quickly,
> Pierre
Isn't the only way to have a networked capability system to have
capabilities as data?
John
More information about the cap-talk
mailing list