[cap-talk] The transitive access problem

David Chizmadia (JHU) chiz at cs.jhu.edu
Tue Jul 31 08:57:55 EDT 2007


Alan,

Karp, Alan H wrote:
> David Chizmadia wrote:
>>     The last version of the CORBAsec specification that was produced
>> is version 1.8. It can be found on the OMG site at URL
>>
>>         http://www.omg.org/docs/formal/02-03-11.pdf
>>
>>     Delegation is discussed in section 2.3.13.
>>
> Ah, yes.  I remember it well.  Well, not so well, but I remember it.  I
> did read this stuff in the early days of e-speak, but it didn't make
> much sense to me.  It still doesn't.

    It is a bit obtuse. I only really understood it when I was
trying to explain it in my article and tutorials.

    My first attempt at untangling the delegation description was in
an article I wrote for Information Security Bulletin. You can find a
reasonably good copy of the article at URL:

http://user.cs.tu-berlin.de/(diract,unfold)/~tabak/DIPLOMARBEIT/doc/SicherheitVonOMG/corbasec.htm

    While trying to find an online copy of the paper, I also ran
across the following Grid computing paper that appears to be a good
reference for your purposes:

http://legion.virginia.edu/papers/delegation.pdf

> It's clear from Section 2.1.6 that the authors were aware of the
> transitive access problem.  All the options are there for dealing with
> it, but in a rather round-about way because they were using credentials
> and ACLs instead of capabilities.  However, it doesn't appear that they
> ever specified standards for limiting the use of a credential.  They
> discuss it, but Appendix F.13 states "However, the current specification
> does not allow the application to control when and where these
> credentials are used.  A later specification may provide such controls."
> Was such a spec ever published?
> 
> Appendix F.15 describes capabilities.  It says "Note that neither the
> CapabilityAccessPolicy interfaces nor the Capability interfaces are
> defined in this specification".  Were they ever?

    Unfortunately, none of the refinement work was ever done at OMG.


-DMC

