[cap-talk] The transitive access problem
David Chizmadia (JHU)
chiz at cs.jhu.edu
Tue Jul 31 08:57:55 EDT 2007
Karp, Alan H wrote:
> David Chizmadia wrote:
>> The last version of the CORBAsec specification that was produced
>> is version 1.8. It can be found on the OMG site at URL
>> Delegation is discussed in section 2.3.13.
> Ah, yes. I remember it well. Well, not so well, but I remember it. I
> did read this stuff in the early days of e-speak, but it didn't make
> much sense to me. It still doesn't.
It is a bit obtuse. I only really understood it when I was
trying to explain it in my article and tutorials.
My first attempt at untangling the delegation description was in
an article I wrote for Information Security bulletin. You can find a
reasonably good copy of the article at URL:
While trying to find an online copy of the paper, I also ran
across the following Grid computing paper that appears to be a good
reference for your purposes:
> It's clear from Section 2.1.6 that the authors were aware of the
> transitive access problem. All the options are there for dealing with
> it, but in a rather round-about way because they were using credentials
> and ACLs instead of capabilities. However, it doesn't appear that they
> ever specified standards for limiting the use of a credential. They
> discuss it, but Appendix F.13 states "However, the current specification
> does not allow the application to control when and where these
> credentials are used. A later specification may provide such controls."
> Was such a spec ever published?
> Appendix F.15 describes capabilities. It says "Note that neither the
> CapabilityAccessPolicy interfaces nor the Capability interfaces are
> defined in this specification". Were they ever?
Unfortunately, none of the refinement work was ever done at OMG.
More information about the cap-talk