[cap-talk] Negative permissions
Jed Donnelley
capability at webstart.com
Mon Feb 4 12:55:53 EST 2008
At 08:46 AM 2/4/2008, Karp, Alan H wrote:
>Jed wrote:
> >
> > At this point I feel I have such a clear view of how
> > these mechanisms are working, it seems a shame that I
> > don't have an opportunity to work on architecting a
> > system with them - e.g. a capability based system
> > with some identity based controls (e.g. MLS).
>
>Client Utility provided some aspects of this without relying on
>identities by using "negative permissions". These were capabilities
>that could make other capabilities unusable. The simplest case was
>compartments, such as when we want to prevent inadvertent mixing of
>rights from two customers. The use of any capability from one
>compartment disabled capabilities from the other.
Amazing. Sometime I'd be interested in hearing the motivation and results.
--Jed http://www.webstart.com/jed-signature.html
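
The compartment behaviour described in the quoted text, as a small model added here for illustration. It is not Client Utility code and is not from either poster; the Session and Capability classes, the conflict list and the compartment names are all assumptions.

```python
class CapabilityDisabled(Exception):
    """Raised when a capability made unusable by a conflicting one is invoked."""


class Session:
    """Hypothetical holder of one party's capabilities."""

    def __init__(self, conflicts):
        # Each conflict is a pair of compartments whose rights must not mix.
        self._conflicts = [frozenset(pair) for pair in conflicts]
        self._disabled = set()  # compartments whose capabilities are now unusable

    def grant(self, name, compartment=None):
        return Capability(self, name, compartment)

    def _use(self, cap):
        if cap.compartment in self._disabled:
            raise CapabilityDisabled(f"{cap.name}: compartment {cap.compartment!r} is disabled")
        # Using this capability disables every compartment that conflicts with it.
        for pair in self._conflicts:
            if cap.compartment in pair:
                self._disabled |= pair - {cap.compartment}
        return f"{cap.name}: ok"


class Capability:
    def __init__(self, session, name, compartment):
        self._session, self.name, self.compartment = session, name, compartment

    def invoke(self):
        return self._session._use(self)


if __name__ == "__main__":
    # Constructed sample: two customers whose rights must never be combined.
    s = Session(conflicts=[("customer_a", "customer_b")])
    read_a = s.grant("read_a", "customer_a")
    read_b = s.grant("read_b", "customer_b")
    clock = s.grant("clock")  # not in any compartment
    print(read_a.invoke())
    print(clock.invoke())
    try:
        read_b.invoke()
    except CapabilityDisabled as e:
        print("refused:", e)
```

In this model the first compartment used wins for the lifetime of the session, and capabilities outside any compartment are unaffected.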