[cap-talk] Capabilities giving up control? (was: Re: A paper on web-keys)
Toby Murray
toby.murray at comlab.ox.ac.uk
Fri Jan 18 22:13:07 EST 2008
On Thu, 2008-01-17 at 23:02 -0800, Jed Donnelley wrote:
> >Of course, this is coming from a strong advocate of the object-cap model
> >who is (in this instance) trying to apply real-world insights about
> >real-world security to computer security, so this is certainly not a
> >critique of the object-cap model nor capability security,
>
> It isn't? Why not? Aren't you raising the same issue
> the questioner was raising at David Wagner's talk?:
Yes. But
1. I believe that current experience with the object-cap model indicates
that the cases in which non-delegatable authorities will be essential
are probably few at best.
2. We have a means to express NDA within the object-cap model for these
cases -- if they do exist in practice.
Hence there is no problem with the model.
More information about the cap-talk
mailing list