[cap-talk] Implementing a crypto brand: What are the security requirements?
Tyler Close
tyler.close at gmail.com
Fri Mar 23 18:50:59 CDT 2007
Hi David,

It'll take me a while to digest the crypto part of your message, but in
the meantime I need clarification on another part.

On 3/23/07, David Hopwood <david.nospam.hopwood at blueyonder.co.uk> wrote:
> Tyler Close wrote:
> > Correct. I renamed this attribute to label and changed its type to
> > String to better communicate that this attribute does not offer any
> > guarantees that can be relied upon.
>
> Changing the type to String prevents the use of private (i.e. closely
> held or anonymous) Brands. I don't see any good reason to do that.

I don't understand how this change prevents the use of private
(sealer / unsealer) pairs. Please elaborate.

In Joe-E, an org.joe_e.Token is used for an object having only identity
for purposes of rights amplification. My changes to the brand API
don't affect this use.

In Joe-E, a java.lang.String is considered data bearing no authority.
I switched the label to be of type String since clients should not
assume that possession of a label provides any authority, or any
reliable guarantee of any property.

Thanks,
Tyler
--
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/
Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/firefox/957/
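
The distinction drawn in the message above, between a label that is plain String data and an object whose identity is used for rights amplification, shown as an added example. It is not code from this thread, from Joe-E, or from the Waterken brand API; BrandDemo, Brand, Box, seal and unseal are hypothetical names, and the sealer and unsealer are folded into one object for brevity.

```java
// Added illustration with hypothetical names; not the Joe-E or Waterken API.
public final class BrandDemo {

    /** A sealed box. Its fields are reachable only from code in this file. */
    static final class Box {
        private final Object brand;     // identity of the pair that sealed it
        private final Object contents;

        private Box(Object brand, Object contents) {
            this.brand = brand;
            this.contents = contents;
        }
    }

    /** A sealer/unsealer pair. Authority comes from object identity alone. */
    static final class Brand {
        final String label;                          // data only, never checked
        private final Object identity = new Object(); // plays the role of a token

        Brand(String label) { this.label = label; }

        Box seal(Object contents) { return new Box(identity, contents); }

        Object unseal(Box box) {
            // Reference comparison: an equal label does not satisfy this test.
            if (box.brand != identity) {
                throw new IllegalArgumentException("box not sealed by this brand");
            }
            return box.contents;
        }
    }

    public static void main(String[] args) {
        Brand original = new Brand("money");
        Brand lookalike = new Brand("money"); // same label, separate identity
        Box box = original.seal(100);

        // The two labels compare equal as strings.
        System.out.println("labels equal: " + original.label.equals(lookalike.label));
        // Only the pair that sealed the box can open it.
        System.out.println("original unseals: " + original.unseal(box));
        try {
            lookalike.unseal(box);
        } catch (IllegalArgumentException e) {
            System.out.println("lookalike rejected: " + e.getMessage());
        }
    }
}
```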