[cap-talk] Persistence as a cap value (was: Re: ...PLASH discussion)
Kevin Reid
kpreid at mac.com
Thu Mar 13 12:45:44 EDT 2008
On Mar 13, 2008, at 11:55, Jonathan S. Shapiro wrote:
> In a networked capability system, a remote capability is generally
> associated with an authenticated session. If the operation governed by
> the capability motivates re-authentication on restart, it is entirely
> sensible to revoke the cap. The problem is that you do not know who
> has
> re-acquired control of the session, and to the session controller the
> caps are merely data.
>
> But it's more efficient to simply revoke the session.
I'm trying to understand this, but having trouble with which party is
doing what. Which side of the network does the "session controller"
live on? What does "motivates re-authentication on restart" mean? Who
is "you" and why is the "session" apparently insecure?
--
Kevin Reid <http://homepage.mac.com/kpreid/>
More information about the cap-talk
mailing list