[cap-talk] Identity tokens (e.g. Kerberos) for responsibility labeling of capability invocations

Karp, Alan H alan.karp at hp.com
Tue Jun 12 18:56:22 EDT 2007


Jed wrote:
> 
> OK.  Let me start with something that I don't understand how the above
> approach can achieve.  In the initial conditions the object A, acting on
> Alice's behalf, has two capabilities serviced by C acting on Carol's behalf.
> Let's call them c and d.  Alice wishes to communicate these capabilities
> to B/Bob.  In a scenario that I don't see how the above approach can
> satisfy, Alice wishes to communicate one of the capabilities (let's
> say c) with delegation to Bob (as with the Horton example), and Alice
> wishes to communicate the other capability, d, directly to B/Bob (e.g.
> still as Alice's responsibility).
> 
No can do.  With authenticated channels, you don't have the option of
leaving the delegatee out of the responsibility chain.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
  
  


