[cap-talk] Delegation/Proxy equivalence and limited lifespanobjects?
Karp, Alan H
alan.karp at hp.com
Mon Nov 12 12:16:45 EST 2007
Rob Meijer wrote:
>
> When trying to defend that proxying and delegation of
> permissions would
> be equivalent from a authority point of view, the folowing was brought
> as an argument against delegation:
>
I don't think that's the argument people are making. When members of
the ACL community hear about delegation with capabilities, they
uniformly say "but you're losing control." I then point out that
someone who wants to delegate but is prevented from doing so can always
proxy. The result of blocking delegation is to make it harder to get
work done without adding security. That's not the same as claiming that
delegation and proxying are equivalent.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list