[cap-talk] Communicating Conspirators text, related to non-delegatability
Jed Donnelley
jed at nersc.gov
Tue Jan 15 15:17:10 EST 2008
MarkM,
On:
http://www.erights.org/elib/capability/conspire.html
in the section "Where Capabilities Do Fall Short"
I see this text:
"...capabilities can neither express nor enforce:
for Alice to prohibit Bob from delegating the power
to Mallet in such a way that Bob does not have the
ability to revoke that delegation."
Isn't this what Toby and Duncan are really getting
at in their non-delegatability paper? I don't believe
their mechanism effectively blocks delegation (as Bob
can allow Mallet to do anything that Bob can do with
his authority), but it does seem to keep Bob from
delegating in such a way that Bob can't revoke the
delegation.
Does that mean that you no longer feel that "Capabilities
Do Fall Short" in this area?
Still, when I look at the reference that you include
in the conspire.html page to:
http://www.eros-os.org/%7Emajordomo/e-lang/1187.html
it doesn't seem to me to be concerned with blocking
revocation but with blocking actual delegation of
authority. If Toby and Duncan haven't yet read the
above message, they may find it supportive of their
arguments. Perhaps Ralph Harley would be interested
to read Toby and Duncan's paper?
In the next sentence in the conspire.html page you
say, ("under certain conditions"):
"...one can construct a security architecture in which
Alice can prevent Bob from preventing Bob from preventing
Mallet from continuing to use this power..."
?? "prevent Bob from preventing Bob"?? I don't understand
that 'rewording'. Perhaps that could be again reworded or
left out? It doesn't make sense to me in those words.
Does it to others? I don't understand what it might add.
--Jed http://www.webstart.com/jed/
More information about the cap-talk
mailing list