[cap-talk] Reference implementation of Federated AccessManagement ready for review
Karp, Alan H
alan.karp at hp.com
Thu Jun 21 12:11:57 EDT 2007
Pierre Thierry wrote:
> I didn't read the code, only the report. How is revocation managed? As
> the scenario described doesn't seem to involve caretakers, is
> of a capability made by emitting a cryptographically signed
> Does that mean that revocation could fail if the revocation is not
Revocation is done by sending a Revoke message to the service. It will
fail if the request cannot reach the service. If that's a problem, you
can set up a service of your own as a forwarder. Even without that,
revocation with ABAC is far simpler that what's currently "best
practice" in the web services world.
> BTW, as it was said earlier, that's probably exactly the kind of work
> that could really help advocating POLA and ABAC: retrofitting them in
> existing technologies.
That's our hope.
> Is it already used in productions systems?
Not to the best of my knowledge. Once we've collected comments and
released the tech report, I will forward a link to people I know are
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
More information about the cap-talk