[cap-talk] mailkey: Is this broken ?? Identity key access?

[Karp, Alan H]

David Hopwood wrote:
> 
> Karp, Alan H wrote:
> > David Hopwood wrote:
> > 
> >>This problem is easily solved: just consider instances of
> >>applications to be principals, as well as users. Then a typical
> >>delegation chain (e.g. appearing in a log) will look like
> >>"Alice -> app1 -> Bob -> app2", where Alice used her "app1"
> >>to delegate to Bob, and Bob used his "app2" to access the
> >>delegated object.
> > 
> > But Carol has to know about each such account before the 
> application can
> > use her objects.
> 
> Why? We must have a disconnect of assumptions here. I am assuming that
> it is usually system-provided powerboxes that perform 
> delegations between
> principals. There is no logical requirement for the objects 
> being delegated
> to be aware of the protocol, let alone particular principals.
> 
Sorry.  I thought we were talking about James Donald's approach that
combined an account key with a webkey (unguessable URL).  The webkey
alone is not enough.  Alice must use her account key at Carol to use any
of the objects Carol hosts, referencing them by the appropriate webkey.
App1 won't be able to use the webkey provided by Alice unless Alice
shares her private key with app1, or app1 has an account with Carol.

If you're not talking about Donald's approach, then you're right.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp