[cap-talk] My alarming uncle Bob (was: What Horton cannot do? (Was: mailkey: transfer of accountability...))
Karp, Alan H
alan.karp at hp.com
Thu Jun 7 11:37:06 EDT 2007
Jed wrote:
>
> When you refer to this as an "authenticated channel" capability
> system, where does the "authenticated channel" come in?
> What 'channel' are you referring to?
>
You won't find the term in the mail archives or in any publication.
It's just a term I've been using in conversation. It works very much
the way James Donald has described it. Alice is known to Bob and
establishes a communication channel, such as over a socket, by
authenticating using a password, private key, cookie, etc. Only then
will Bob accept requests from Alice. The rights Alice gets to objects
on Bob's machine are determined by capabilities-as-data that Alice
possesses. Hence, Alice can start a program with the ability to
authenticate as Alice but give it only some of her rights by passing in
a subset of her capabilities.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
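
The arrangement described in the message above, as an added sketch (not code from the post, its author, or any HP system): Bob refuses requests until the caller authenticates a channel, and each request on that channel is then authorized only by a capability string the caller presents. The class and function names, the HMAC challenge-response login, and the "report" object are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Bob:
    """Server side: a request needs an authenticated channel AND a capability."""

    def __init__(self):
        self._keys = {}        # principal -> shared authentication secret
        self._challenges = {}  # principal -> outstanding one-time nonce
        self._caps = {}        # unguessable capability string -> (object, right)
        self.objects = {"report": "Q2 numbers"}  # constructed sample object

    def enroll(self, principal):
        self._keys[principal] = secrets.token_bytes(32)
        return self._keys[principal]

    def grant(self, obj, right):
        cap = secrets.token_urlsafe(32)  # capability-as-data: a secret string
        self._caps[cap] = (obj, right)
        return cap

    def challenge(self, principal):
        self._challenges[principal] = secrets.token_bytes(16)
        return self._challenges[principal]

    def open_channel(self, principal, proof):
        key = self._keys.get(principal)
        nonce = self._challenges.pop(principal, None)  # nonce is single-use
        if key is None or nonce is None:
            raise PermissionError("authentication failed")
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            raise PermissionError("authentication failed")
        # The channel is the only way to reach _invoke.
        return lambda cap, right, value=None: self._invoke(cap, right, value)

    def _invoke(self, cap, right, value):
        if self._caps.get(cap) is None or self._caps[cap][1] != right:
            raise PermissionError("no capability for this request")
        obj = self._caps[cap][0]
        if right == "write":
            self.objects[obj] = value
        return self.objects[obj]


def connect_as(bob, principal, key):
    """Client side: answer Bob's challenge with an HMAC under the shared key."""
    nonce = bob.challenge(principal)
    return bob.open_channel(principal, hmac.new(key, nonce, hashlib.sha256).digest())
```

A program started by Alice with her key but only the read capability can open a channel as Alice and read the object, while its write requests are refused.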