[cap-talk] A paper on web-keys - discretionary control
Jed Donnelley
jed at nersc.gov
Fri Jan 18 19:26:42 EST 2008

On 1/18/2008 2:39 PM, Karp, Alan H wrote:
> Jed wrote:
>> I expect such situations to arise rarely. We
>> won't know until we get there.
>>
> I think the most common case is delegating a
> subset of my rights to a program I started.
> Since there is only one responsible party,
> those delegations won't go through Horton.

I tend to agree, but I admit that I don't have
a clear picture of how all this stuff will
ultimately shake out - even if my wildest
dreams come true.

For example, mightn't it be the case that
most "start"ing of programs could end up
happening across domains - e.g. even across
the network? For example, I think of
double clicking on an icon and having a
form pop up in a window into which I
can specify initial parameters to a service
(that of course is provided by a running
program that I will be "start"ing).
That program may run anywhere. I hope
that I communicate to it in POLA
terms, e.g. copying and pasting object
references into the initialization
form. If the program providing the
service happens to be remote from my
computer system, I hope the delegation
does go through a PDP as with Horton
so that I (or whoever) can effect the
needed control, perhaps at a later time
when circumstances have changed - not
to mention get the logging, auditing,
and information that I may desire and
that the "Horton" service can provide.

The cost of such a PDP is small compared
to the cost of a remote "invocation", so
at least in this case I'm not concerned
about the cost of the PDP r.e. performance.

As long as the interface is the same to
me (e.g. drag and drop an object reference
into a form or onto an icon, etc.) then
I'm not concerned except to hope that those
who developed the system will ensure that
the appropriate PDPs are in place for the
needed controls.
--Jed http://www.webstart.com/jed/
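
Added illustration, not part of the message above and not the Horton protocol itself: a minimal sketch of delegation routed through a policy decision point (PDP), so the delegator can pass a subset of rights, revoke them later, and keep an audit trail. The names makePdp, delegate, revoke and auditLog, and the sample document object, are hypothetical.

```javascript
'use strict';

// A PDP that mediates every invocation made through a delegated reference.
function makePdp() {
  const log = [];              // audit entries: { grantee, method, allowed }
  const grants = new Map();    // grantee -> { revoked: boolean }

  // Hand `grantee` a forwarder exposing only `allowedMethods` of `target`.
  // The grantee never holds `target` itself, so control stays with the PDP.
  function delegate(target, grantee, allowedMethods) {
    const state = { revoked: false };
    grants.set(grantee, state);
    const forwarder = {};
    for (const name of new Set(allowedMethods)) {
      forwarder[name] = (...args) => {
        const allowed = !state.revoked;          // decision made per call
        log.push({ grantee, method: name, allowed });
        if (!allowed) throw new Error(`access revoked for ${grantee}`);
        return target[name](...args);
      };
    }
    return Object.freeze(forwarder);
  }

  // Later control: cut off a grantee when circumstances have changed.
  function revoke(grantee) {
    const state = grants.get(grantee);
    if (state) state.revoked = true;
    return Boolean(state);
  }

  return Object.freeze({ delegate, revoke, auditLog: () => log.slice() });
}

// Constructed scenario: a read-only reference pasted into a remote service.
function demo() {
  const pdp = makePdp();
  const doc = { text: 'draft', read() { return this.text; },
                write(t) { this.text = t; } };
  const readOnly = pdp.delegate(doc, 'remote-service', ['read']);
  const first = readOnly.read();
  const canWrite = 'write' in readOnly;   // write was never delegated
  pdp.revoke('remote-service');
  let denied = false;
  try { readOnly.read(); } catch (e) { denied = true; }
  return { first, canWrite, denied, log: pdp.auditLog() };
}
```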