[cap-talk] Confusing deputies with SAML assertions (was: Re: Confused Deputies in Capability Systems)
Jed Donnelley
capability at webstart.com
Tue Feb 10 04:16:49 EST 2009
At 12:53 AM 2/10/2009, John Carlson wrote:
> > Jed wrote:
> > I use the term "capability" to refer to a representation of object
> > access (access authority) that:
> >
> > 1. can be validated when used as authorization for a service
> > request, and
> >
> > 2. can be communicated between any two processes that can
> > communicate data.
> >
> > Do SAML assertions meet the above criteria (#1, #2) for
> > "capabilities"?
>
>I believe that #1 can be met with asymmetric encryption of SAML. The
>capability is encrypted similar to your paper, Jed--here
>http://www.webstart.com/jed/papers/Managing-Domains/#s13
> Whatever comes out of the encryption may be communicated between
>two processes, thus #2 can be met. Recall that Alan's implementation
>sends the authorization SAML to the active entity when the active
>entity authenticates.

If so then how is it that, "Bob can protect himself by making sure
the submitter (Alice) of the request has the rights being
delegated"? Why does Bob need to do such protecting, and what tools
does he have available for doing so?

As I suggested in my previous message, what I mean by "communicate a
capability" includes the notion that the sender must have the rights
being communicated. Is that different than those being "delegated"?

Maybe it's time for an interactive discussion. I'm afraid I may be
contributing more confusion than clarity.

--Jed http://www.webstart.com/jed-signature.html
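
The following is an added sketch, not code from this thread or from any SAML implementation, of a token that meets criteria #1 and #2 as quoted above and of a deputy that acts only with the token its requester supplied. An HMAC stands in for the asymmetric scheme John mentions, and every name here (`mint`, `validate`, `service_write`, `bob_deputy`, the object names) is hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed key, held only by the service that issues and validates capabilities.
SERVICE_KEY = secrets.token_bytes(32)


def _tag(body: str) -> str:
    return hmac.new(SERVICE_KEY, body.encode(), hashlib.sha256).hexdigest()


def mint(obj: str, right: str) -> str:
    """Issue a capability: plain data naming an object and a right, plus a MAC.
    Being plain data, it can be sent over any channel that carries data (#2)."""
    body = f"{obj}|{right}"
    return f"{body}|{_tag(body)}"


def validate(cap: str, obj: str, right: str) -> bool:
    """Criterion #1: the service checks the capability at the time it is used."""
    parts = cap.split("|")
    if len(parts) != 3:
        return False
    named_obj, named_right, tag = parts
    expected = _tag(f"{named_obj}|{named_right}")
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False  # forged or altered token
    return (named_obj, named_right) == (obj, right)


def service_write(cap: str, obj: str, data: str, store: dict) -> bool:
    """The service performs the write only if the presented capability covers it."""
    if not validate(cap, obj, "write"):
        return False
    store[obj] = data
    return True


def bob_deputy(cap_from_requester: str, obj: str, data: str, store: dict) -> bool:
    """Bob forwards the capability the requester sent with the request.
    He adds none of his own authority and never looks up who the requester is."""
    return service_write(cap_from_requester, obj, data, store)
```

In this sketch a request naming an object the supplied token does not cover fails at the service, whatever rights Bob himself holds.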