[cap-talk] Loss of control (was: Re: A paper on web-keys)
Karp, Alan H
alan.karp at hp.com
Fri Feb 1 12:20:19 EST 2008
MarkM wrote:
>
> I'm not concerned with how it's implemented. I'm concerned that by
> adding this ACL check, you now have a classic "hybrid capability
> systems". To the degree that you depend on this ACL check for access
> control, you have all the classic ACL problems, including confused
> deputy. As I've said before, it might be a good strategy in some
> contexts to create such mixed systems as a legacy bridge. But Waterken
> does not yet have an ACL legacy we need to bridge.
>
Fair enough. I'm just thinking about how we might add VOC-like controls. Of course, Horton lets us do that, anyway.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list