[cap-talk] Toby's Confused deputy statement (was: Re: Confused deputies in hybrid systems)
Karp, Alan H
alan.karp at hp.com
Tue Feb 5 17:10:31 EST 2008
Jed wrote:
>
> Is there any loss of generality in referring to such systems
> as capability systems? Do we have examples of NON-ambient
> authority systems that aren't capability systems? How
> else can NON-ambient authority show up? Just curious.
>
Integrating our authorization mechanism with existing SOA programs has led to cases where we could not avoid separating designation from authorization. In some cases, the application API requires a string representing a filename, forcing us to put the corresponding authorization in the message header. The authorizations are still explicit, so it's non-ambient, but it's not capabilities either.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list