[cap-talk] Concrete guidelines for user shell
Pierre THIERRY
nowhere.man at levallois.eu.org
Fri Jun 29 06:46:07 EDT 2007
I want to write a Web publication framework around an object
capability core this summer, and was prototyping a real estate
management application at the end of 2006, where access control was also
done with object capabilities.
In both cases, I'm a bit confused about the best way to do the user
shell. By user shell (an OS analogy, obviously), I mean the set of
objects that ultimately hold all of the user's authority and constitute
the interface between the user and the rest of the system.
In particular, I was wondering if there are any best current practices
or guidelines about authority communication between users.
- is there a user directory where anyone can get a capability by which
he can send capabilities to the designated user?
- is there any protection to avoid "spam"? (and DoS: if I send thousands
of useless capabilities to some users, how will they manage them?)
- what kind of interface is used by the user to transfer authority, to
delegate it, to remember transferred authority and manage delegated
authority?
I'm also wondering whether user shells should by default be created
within a reference monitor to make it possible to enforce MLS-like
mandatory access control (that is, Alice has access to Secret Folder and
Bob, but cannot grant access for the former to the latter).
Curiously,
Pierre
--
nowhere.man at levallois.eu.org
OpenPGP 0xD9D50D8A
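As an added illustration of the three design questions raised in the post above (this is not code from the original message, nor from any particular capability system), the following Python toy models a user shell whose public directory entry is a send-only inbox facet, whose inbox has a fixed quota against capability spam, and whose every outbound transfer passes through a reference monitor enforcing a two-level MLS-style "no write-down" rule. The Alice/Bob/Mallory names, the SECRET/UNCLASSIFIED labels, the object names and the quota of two are constructed assumptions for the example.

```python
"""Toy object-capability user shell: an added illustration, not code from the post.
It models a directory handing out send-only inbox facets, an inbox quota against
capability spam, and a reference monitor vetoing transfers that violate an
MLS-style policy. Names, labels and the quota are constructed for the example."""
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1}  # constructed two-level lattice


@dataclass(frozen=True)
class Capability:
    """Unforgeable reference: holding the object is the authority."""
    name: str
    level: str  # MLS label the reference monitor checks on every transfer


class ReferenceMonitor:
    """Mediates every cross-shell transfer: a capability may flow only to a
    shell whose clearance dominates its label (no write-down)."""
    def permits(self, cap, receiver):
        return LEVELS[receiver.clearance] >= LEVELS[cap.level]


class Inbox:
    """Send-only facet of a shell: holders can deposit capabilities but cannot
    read the owner's holdings. The quota bounds spam/DoS."""
    def __init__(self, owner, monitor, quota):
        self.owner_name, self._owner, self._monitor = owner.name, owner, monitor
        self._quota, self._pending = quota, []

    def deliver(self, cap, sender):
        if not self._monitor.permits(cap, self._owner):
            return "denied"   # policy veto, whatever the sender intends
        if len(self._pending) >= self._quota:
            return "dropped"  # full inbox: spam cannot grow the owner's state
        self._pending.append((sender.name, cap))
        return "accepted"

    def drain(self):
        pending, self._pending = self._pending, []
        return pending


class UserShell:
    """Holds all of one user's authority and logs what it delegates."""
    def __init__(self, name, clearance, monitor, quota=3):
        self.name, self.clearance = name, clearance
        self._held, self.delegations = {}, []  # caps by name; (cap, to, outcome)
        self.inbox = Inbox(self, monitor, quota)

    def grant(self, cap):  # initial endowment, e.g. by an administrator
        self._held[cap.name] = cap

    def holdings(self):
        return sorted(self._held)

    def accept_mail(self):  # move deposited capabilities into holdings
        received = self.inbox.drain()
        for _sender, cap in received:
            self._held[cap.name] = cap
        return len(received)

    def delegate(self, cap_name, target):
        """Pass a held capability to another inbox and record the outcome.
        KeyError if not held: you cannot grant what you do not have."""
        outcome = target.deliver(self._held[cap_name], self)
        self.delegations.append((cap_name, target.owner_name, outcome))
        return outcome


class Directory:
    """Public directory: hands out inbox facets only, never a shell itself."""
    def __init__(self):
        self._inboxes = {}

    def register(self, shell):
        self._inboxes[shell.name] = shell.inbox

    def lookup(self, name):
        return self._inboxes[name]


def demo():
    """Alice (SECRET) holds SecretFolder and a reference to Bob (UNCLASSIFIED);
    the monitor stops her granting the former to the latter, and Bob's quota
    caps Mallory's flood of junk capabilities."""
    monitor, directory = ReferenceMonitor(), Directory()
    alice = UserShell("alice", "SECRET", monitor)
    bob = UserShell("bob", "UNCLASSIFIED", monitor, quota=2)
    mallory = UserShell("mallory", "UNCLASSIFIED", monitor)
    for shell in (alice, bob, mallory):
        directory.register(shell)
    alice.grant(Capability("SecretFolder", "SECRET"))
    alice.grant(Capability("PublicCalendar", "UNCLASSIFIED"))
    for i in range(5):
        mallory.grant(Capability(f"junk{i}", "UNCLASSIFIED"))
    bob_inbox = directory.lookup("bob")  # "access to Bob" is just this facet
    results = {
        "public_to_bob": alice.delegate("PublicCalendar", bob_inbox),
        "secret_to_bob": alice.delegate("SecretFolder", bob_inbox),
        "spam_accepted": sum(mallory.delegate(f"junk{i}", bob_inbox) == "accepted"
                             for i in range(5)),
    }
    results["bob_received"] = bob.accept_mail()
    results["bob_holdings"] = bob.holdings()
    results["alice_log"] = list(alice.delegations)
    return results
```

Two caveats the toy makes visible: the monitor only sees transfers that go through an Inbox, so a real design must make sure no other channel (shared mutable objects, strings that name objects out of band) lets a capability bypass it; and the delegation log records what was sent but cannot take it back, so revocable delegation would have to hand out a caretaker proxy rather than the capability itself.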