[cap-talk] The transitive access problem

Karp, Alan H alan.karp at hp.com
Mon Jul 30 19:24:58 EDT 2007


David Chizmadia wrote:
> 
>     The last version of the CORBAsec specification that was produced
> is version 1.8. It can be found on the OMG site at URL
> 
>         http://www.omg.org/docs/formal/02-03-11.pdf
> 
>     Delegation is discussed in section 2.3.13.
>
Ah, yes.  I remember it well.  Well, not so well, but I remember it.  I
did read this stuff in the early days of e-speak, but it didn't make
much sense to me.  It still doesn't.

It's clear from Section 2.1.6 that the authors were aware of the
transitive access problem.  All the options are there for dealing with
it, but in a rather roundabout way because they were using credentials
and ACLs instead of capabilities.  However, it doesn't appear that they
ever specified standards for limiting the use of a credential.  They
discuss it, but Appendix F.13 states "However, the current specification
does not allow the application to control when and where these
credentials are used.  A later specification may provide such controls."
Was such a spec ever published?

Appendix F.15 describes capabilities.  It says "Note that neither the
CapabilityAccessPolicy interfaces nor the Capability interfaces are
defined in this specification".  Were they ever?
 
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp


