[cap-talk] Loss of control (was: Re: A paper on web-keys)
Karp, Alan H
alan.karp at hp.com
Fri Feb 1 11:46:14 EST 2008
MarkM wrote:
>
> I don't understand. What use would you make of client-side
> authentication? Would the use you have in mind be vulnerable to
> confused deputy problems?
>
Hey, I said "might" :) Actually, I was thinking along the lines of an additional, non-ocap check. (You know how much I like to cross levels of abstraction.) For example, "This capability can only be used by clients in my domain." How that might be implemented is left as an exercise for the reader.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp