[cap-talk] Delegation/Proxy equivalence and limited lifespan objects?

David Hopwood david.hopwood at industrial-designers.co.uk
Mon Nov 12 09:33:00 EST 2007


Rob Meijer wrote:
> When trying to defend that proxying and delegation of permissions would
> be equivalent from an authority point of view, the following was brought
> as an argument against delegation:
> 
> If Alice delegates a permission to Bob and Bob re-delegates it to Carol,
> the equivalence seems to only apply if Bob has an unlimited lifetime.
> One could argue that Alice could use a caretaker and revoke the authority
> at any time, but this still would not fall into sync with the end of life
> event of the Bob object.

The fact that the permission stops being proxyable at the end of life of
the Bob object is more often a problem, rather than a feature, in systems
that only support proxying. Workarounds are needed such as asking Alice
to re-delegate the permission to Bob2 in place of Bob.

AFAIK, it has not been claimed that proxying and delegation are always
equivalent. The claim is that at least the same useful security properties
that are achievable with proxying are achievable with delegation (not
necessarily in the same way).

-- 
David Hopwood
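
The lifetime argument in this exchange, modelled as an added JavaScript sketch that is not part of the original message. All names are hypothetical, Bob's end of life is modelled by an explicit `die()` call, and the lifetime-scoped caretaker is one assumed way of getting proxy-like expiry with delegation.

```javascript
// Added illustration; makeCaretaker, makeBob and the file object are hypothetical.
// Caretaker: a forwarder to `target` plus a separate revoke facet.
function makeCaretaker(target) {
  let current = target;
  const forwarder = {
    read() { if (current === null) throw new Error('revoked'); return current.read(); },
  };
  return { forwarder, revoke() { current = null; } };
}

// Bob holds `cap` and can pass its authority on to Carol in three ways.
function makeBob(cap) {
  let alive = true;
  const onDeath = [];
  return {
    // Proxying: Carol invokes Bob, who invokes the resource. Needs Bob alive.
    proxy: { read() { if (!alive) throw new Error('Bob is gone'); return cap.read(); } },
    // Plain delegation: Carol receives the very reference Bob holds.
    delegate() { return cap; },
    // Delegation scoped to Bob's lifetime: a caretaker revoked when Bob ends.
    delegateScoped() {
      const { forwarder, revoke } = makeCaretaker(cap);
      onDeath.push(revoke);
      return forwarder;
    },
    die() { alive = false; onDeath.forEach((revoke) => revoke()); },
  };
}

function tryRead(cap) {
  try { return cap.read(); } catch (e) { return 'DENIED: ' + e.message; }
}

// Returns what Carol can do through each path at three points in time.
function scenario() {
  const file = { read() { return 'contents'; } };
  const alice = makeCaretaker(file); // Alice keeps the revoke facet
  const bob = makeBob(alice.forwarder);
  const carol = { proxy: bob.proxy, delegated: bob.delegate(), scoped: bob.delegateScoped() };
  const probe = () => Object.fromEntries(
    Object.entries(carol).map(([path, cap]) => [path, tryRead(cap)]));
  const before = probe();
  bob.die();
  const afterBobEnds = probe();
  alice.revoke();
  return { before, afterBobEnds, afterAliceRevokes: probe() };
}

console.log(scenario());
```

After Bob ends, only the plainly delegated reference still works; Alice's caretaker then cuts that one off as well.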

