[cap-talk] Trust and the Orange Book
Karp, Alan H
alan.karp at hp.com
Wed Jan 16 12:18:31 EST 2008
Jed wrote:
>
> Have I missed a part of the problem or the solution?
> While there are of course still concerns that trusted
> people or programs won't live up to their expectation,
> can any more be done? If evidence is uncovered that
> a person or program should no longer be trusted, at
> least we can (through Horton) limit the damage. I
> don't see how we can do better.
>
Seems to work. The key insight is that Alice's Horton stubs and proxies invoke a Policy Decision Point (to use the SOA term) to make the decision. The question is how that PDP knows what to do. Perhaps objects can implement a getSecurityInfo() method.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list