[cap-talk] mailkey: Is this broken ?? Identity key access?

David Hopwood david.hopwood at industrial-designers.co.uk
Tue Jun 5 15:50:57 EDT 2007


Karp, Alan H wrote:
> David Hopwood wrote:
>>Karp, Alan H wrote:
>>>David Hopwood wrote:
>>>
>>>>This problem is easily solved: just consider instances of
>>>>applications to be principals, as well as users. Then a typical
>>>>delegation chain (e.g. appearing in a log) will look like
>>>>"Alice -> app1 -> Bob -> app2", where Alice used her "app1"
>>>>to delegate to Bob, and Bob used his "app2" to access the
>>>>delegated object.
>>>
>>>But Carol has to know about each such account before the 
>>>application can use her objects.
>>
>>Why? We must have a disconnect of assumptions here. I am assuming that
>>it is usually system-provided powerboxes that perform delegations between
>>principals. There is no logical requirement for the objects being delegated
>>to be aware of the protocol, let alone [to be aware of] particular principals.
> 
> Sorry.  I thought we were talking about James Donald's approach that
> combined an account key with a webkey (unguessable URL).  The webkey
> alone is not enough.  Alice must use her account key at Carol to use any
> of the objects Carol hosts, referencing them by the appropriate webkey.
> App1 won't be able to use the webkey provided by Alice unless Alice
> shares her private key with app1, or app1 has an account with Carol.
> 
> If you're not talking about Donald's approach, then you're right.

Ah, OK. I was not talking about James Donald's approach in particular.
Jed's concern about identity keys potentially having to be accessible
to all of a user's applications did not seem to be specific to that approach.

-- 
David Hopwood <david.hopwood at industrial-designers.co.uk>


