[cap-talk] Password capabilities ?? (was: Re: Confused Deputies in Capability Systems)
Jed Donnelley
capability at webstart.com
Tue Feb 10 04:10:02 EST 2009
At 09:53 AM 2/6/2009, Sandro Magi wrote:
>A password capability is an identity token of sorts,
>in which case you've turned your service into an ACL system with the
>same possibility for confused deputies, and must therefore vet the
>arguments.

I don't understand the above. You must mean something by "password
capability" other than what I've understood by that terminology in the past.
What I've meant is:

http://www.webstart.com/jed/papers/Managing-Domains/#s8

I thought that was also modern terminology. A "password capability"
is essentially a "Swiss Number" (large unguessable number) associated
with the address of a server that will service requests when
presented with such a "Swiss Number".

Password capability systems have appeared in many variations such as
Monash, Amoeba, and NLTSS, but I believe they all have this basic
property. I think of YURLs as password capabilities (as data) also.

Hmmm. When I look up "web keys" I find things like:

http://www.gadgets2order.com/USB%20Web%20Keys.aspx
https://www.gimmees.com/detail~pNum~3670~pcategory~10~psubcategory~3.asp

etc. Perhaps that "Web key" expression is too overloaded for use with YURLs?

--Jed http://www.webstart.com/jed-signature.html
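
The "Swiss Number plus server address" model described in the message above, as an added sketch that is not part of the original post and not code from Monash, Amoeba, NLTSS or any YURL implementation. The names `CapabilityServer` and `File` and the address string are hypothetical.

```python
import hashlib
import secrets


class File:
    """Hypothetical object guarded by the server."""
    def __init__(self, text=""):
        self.text = text

    def read(self):
        return self.text

    def write(self, text):
        self.text = text


class CapabilityServer:
    """Services a request only when it arrives with a known Swiss number."""
    def __init__(self, address):
        self.address = address   # constructed address, e.g. "files.example:9000"
        self._table = {}         # SHA-256(swiss number) -> (object, allowed ops)

    @staticmethod
    def _key(swiss):
        # Store only a digest so a leaked table does not leak usable numbers.
        return hashlib.sha256(swiss.encode()).hexdigest()

    def mint(self, obj, ops):
        swiss = secrets.token_hex(16)   # 128 unguessable bits from the OS CSPRNG
        self._table[self._key(swiss)] = (obj, frozenset(ops))
        return (self.address, swiss)    # the capability is plain data

    def invoke(self, swiss, op, *args):
        # No caller identity is consulted: the presented number alone both
        # designates the object and authorizes the operation.
        entry = self._table.get(self._key(swiss))
        if entry is None or op not in entry[1]:
            raise PermissionError("unknown capability or operation not granted")
        return getattr(entry[0], op)(*args)

    def revoke(self, swiss):
        self._table.pop(self._key(swiss), None)
```

Minting a second number for the same object with fewer operations gives a holder something narrower to hand on, and each number can be revoked without touching the others.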