[cap-talk] Lampson: Principle Of Least Privilege as damaging

Karp, Alan H alan.karp at hp.com
Sun Apr 6 19:04:22 CDT 2008


Fred Spiessens wrote:
>
> My current research project ( http://www.esi.nl/short/poseidon/ ) is
> completely mainstream. I keep looking for ways to integrate object-
> capabilities into the project though, because I could not throw all
> that good stuff away even if I wanted to. Finding ways to combine the
> best in both approaches may be a way to raise interest and
> appreciation for object capabilities, trying the back door as the
> front door is closed.
>
That's what we've been doing with our Zebra Copy paper.  Our implementation uses SAML authorization assertions as capabilities (but not ocaps), but we never apply that word to our approach.  People want strong authentication, so we say, "Fine, but look how much better it is if you only need to authenticate in your own domain."  People want ACLs and Role Based Access Control.  We say, "Fine, but use them to decide which authorizations to give out, not to make access decisions."  So far, we've been getting some traction.  Two HP consultants are using Zebra Copy as a template on their projects, and the leader of the study for the US Navy that I'm working on is a convert.  Three down, 29,999,997 to go.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
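
The split described in the message above (roles and ACLs decide which authorizations are handed out, and the service decides access from the presented authorization alone) can be sketched as follows. This is an added example, not code from the post or from Zebra Copy. It assumes an HMAC-signed token in place of a SAML authorization assertion, and every name, key and policy table in it is hypothetical.

```python
import base64, hashlib, hmac, json, time

ISSUER_KEY = b"constructed-demo-key"  # constructed; stands in for the issuer's signing key

# Home-domain policy (constructed): RBAC is consulted only when issuing.
ROLE_OF = {"alice": "engineer", "bob": "contractor"}
ROLE_GRANTS = {"engineer": {("design-docs", "read"), ("design-docs", "write")},
               "contractor": {("design-docs", "read")}}

def _sign(body: bytes) -> bytes:
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest().encode()

def issue(user, resource, action, ttl=300, now=None):
    """Home domain: the user is assumed already authenticated locally.
    Apply RBAC here, then mint an assertion that names no user."""
    if (resource, action) not in ROLE_GRANTS.get(ROLE_OF.get(user), set()):
        return None  # policy says: do not hand out this authorization
    now = time.time() if now is None else now
    body = json.dumps({"res": resource, "act": action, "exp": now + ttl},
                      sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()

def access(assertion, resource, action, now=None):
    """Service: decide from the presented assertion alone.
    No identity, ACL or role lookup happens on this side."""
    try:
        b64, sig = assertion.split(".")
        body = base64.urlsafe_b64decode(b64)
    except (AttributeError, ValueError):
        return False  # malformed or missing assertion
    if not hmac.compare_digest(sig.encode(), _sign(body)):
        return False  # not minted by the issuer, or altered in transit
    claim = json.loads(body)
    now = time.time() if now is None else now
    return (claim["res"] == resource and claim["act"] == action
            and now < claim["exp"])

if __name__ == "__main__":
    token = issue("alice", "design-docs", "write")
    print(access(token, "design-docs", "write"))   # granted by the assertion
    print(access(token, "design-docs", "read"))    # assertion does not cover read
    print(issue("bob", "design-docs", "write"))    # role policy refuses to issue
```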


