[cap-talk] mailkey: Is this broken ?? Identity key access?
David Hopwood
david.hopwood at industrial-designers.co.uk
Mon Jun 4 16:51:57 EDT 2007
Jed Donnelley wrote:
> At 09:58 PM 6/3/2007, James A. Donald wrote:
>
>>He uses the key Alice gave him, to do stuff. His
>>identity key is also required.
>
> Ah! Now maybe we're getting somewhere. You say
> Bob's identity key is also required? So Bob must
> sign all his requests? Doesn't that seem to suggest
> that every process acting on Bob's behalf (e.g.
> the Solitaire program) must have Bob's identity key?
> This seems to suggest that access to Bob's identity
> key is going to be rather widespread. Am I missing
> something here?
This problem is easily solved: just consider instances of
applications to be principals, as well as users. Then a typical
delegation chain (e.g. appearing in a log) will look like
"Alice -> app1 -> Bob -> app2", where Alice used her "app1"
to delegate to Bob, and Bob used his "app2" to access the
delegated object.
--
David Hopwood <david.hopwood at industrial-designers.co.uk>
More information about the cap-talk
mailing list