[cap-talk] keyrings and bootstrapping capabilities
David Hopwood
david.hopwood at industrial-designers.co.uk
Fri May 25 12:08:32 EDT 2007
Peter Amstutz wrote:
> As part of the system I'm designing that I discussed in the previous
> thread, I've been mulling over the bootstrapping problem for a
> capability system. In particular, I see two challenges:
>
> a) Alice and Bob are looking at directory D. Alice has read-only access
> to the directory and all its contents. Bob has read-only access to the
> directory (cannot add or delete files), but read-write access to certain
> specific files. If Alice shares her read-only reference to the
> directory with Bob, how does Bob determine which files he can write to?
Typically, each file capability provides a method saying whether it is
(allegedly) read/write.
> b) A user sits down at a public terminal and wants to log in to a remote
> system and edit a file for which he knows a public identifier, but
> doesn't happen to have the 128 bit capability key granting write access
> on hand. The user should be able to log in with a user name and
> password and then be able to go on to acquire the capability to permit
> editing the file.
The user searches his writable file capabilities, which are indexed, for
one having the public identifier. Note that there may be more than one
match (or zero matches), and the user must distinguish between them based
on other metadata; this cannot be resolved automatically.
--
David Hopwood <david.hopwood at industrial-designers.co.uk>
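
An added illustration of the two answers in this reply, not code from the thread or from any capability system: a capability that reports whether it is (allegedly) read/write, and an index of held capabilities searched by public identifier that returns every match and leaves the choice to the user. The names `FileCap`, `Keyring`, `choose` and `sample_keyring`, the field layout, and all sample values are hypothetical and constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class FileCap:
    """Hypothetical stand-in for a file capability held by a user."""
    public_id: str   # public identifier of the file (not secret)
    secret: str      # unguessable key; placeholder values only
    writable: bool   # what the capability claims about itself
    label: str = ""  # user-supplied metadata used to tell matches apart

    def is_read_write(self) -> bool:
        # "Allegedly": the claim is only confirmed when a write is attempted.
        return self.writable

class Keyring:
    """Per-user store of capabilities, indexed by public identifier."""
    def __init__(self):
        self._by_id = defaultdict(list)

    def add(self, cap: FileCap) -> None:
        self._by_id[cap.public_id].append(cap)

    def writable_for(self, public_id: str) -> list:
        # Returns zero, one or many matches; it never picks one itself.
        return [c for c in self._by_id.get(public_id, []) if c.is_read_write()]

def choose(matches: list, label: str) -> FileCap:
    """The user disambiguates by metadata; ambiguity is an error, not a guess."""
    picked = [c for c in matches if c.label == label]
    if len(picked) != 1:
        raise LookupError(f"{len(picked)} capabilities match label {label!r}")
    return picked[0]

def sample_keyring() -> Keyring:
    """Constructed sample data: two writable caps share one public identifier."""
    kr = Keyring()
    kr.add(FileCap("file:report", "PLACEHOLDER-KEY-1", True, "personal copy"))
    kr.add(FileCap("file:report", "PLACEHOLDER-KEY-2", True, "team draft"))
    kr.add(FileCap("file:notes", "PLACEHOLDER-KEY-3", False, "read-only"))
    return kr

if __name__ == "__main__":
    kr = sample_keyring()
    for pid in ("file:report", "file:notes", "file:unknown"):
        print(pid, [c.label for c in kr.writable_for(pid)])
    print(choose(kr.writable_for("file:report"), "team draft").label)
```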