[cap-talk] Identity tokens (e.g. Kerberos) for responsibility labeling of capability invocations

Karp, Alan H alan.karp at hp.com
Tue Jun 12 18:56:22 EDT 2007

Jed wrote:
> OK.  Let me start with something that I don't understand how the above
> approach can achieve.  In the initial conditions the object A, acting on
> Alice's behalf, has two capabilities serviced by C acting on Carol's behalf.
> Let's call them c and d.  Alice wishes to communicate these capabilities
> to B/Bob.  In a scenario that I don't see how the above approach can
> satisfy, Alice wishes to communicate one of the capabilities (let's
> say c) with delegation to Bob (as with the Horton example), and Alice
> wishes to communicate the other capability, d, directly to B/Bob (e.g.
> still as Alice's responsibility).
No can do.  With authenticated channels, you don't have the option of
leaving the delegatee out of the responsibility chain.

Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029