[cap-talk] What we have here is a failure to communicate
Monty Zukowski
monty at codetransform.com
Sat Dec 27 11:58:28 EST 2008
On Sat, Dec 27, 2008 at 1:37 AM, Jed Donnelley <capability at webstart.com> wrote:
> To me the OCap model does "conflate" authentication and authorization.
> That is, the possession (as evidenced by communication) of a capability
> demonstrates that the communicating subject is authentic (in that it
> apparently possessed the communicated capability) and is authorized to
> access (in the sense of "access control") whatever the capability
> grants (permits) access to.
>
> Perhaps others have other potentially better ways of relating the OCap
> model to authentication and authorization?
>
> I wonder if it would be worthwhile to add a discussion of this
> relationship to the Wikipedia page on the OCap model? The danger
> of course is that it would simply lead to more confusion. Thoughts?
What would really help me is an example of authentication without
authorization and vice-versa.
Monty
More information about the cap-talk
mailing list