[cap-talk] Identity tokens (e.g. Kerberos) for responsibility labeling of capability invocations
Karp, Alan H
alan.karp at hp.com
Tue Jun 12 18:56:22 EDT 2007
> OK. Let me start with something that I don't understand how the above
> approach can achieve. In the initial conditions the object A, acting on
> Alice's behalf, has two capabilities serviced by C acting on Carol's
> behalf. Let's call them c and d. Alice wishes to communicate these
> to B/Bob. In a scenario that I don't see how the above approach can
> satisfy, Alice wishes to communicate one of the capabilities (let's
> say c) with delegation to Bob (as with the Horton example), and Alice
> wishes to communicate the other capability, d, directly to B/Bob (e.g.
> still as Alice's responsibility).
No can do. With authenticated channels, you don't have the option of
leaving the delegatee out of the responsibility chain.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029