[cap-talk] Confused Deputies in Capability Systems
John Carlson
john.carlson3 at sbcglobal.net
Tue Feb 10 23:32:55 EST 2009
On Feb 10, 2009, at 11:17 AM, Karp, Alan H wrote:
> In our reference implementation, the service validates the
> certificate via calls to library routines. As you note, that's far
> from the best approach. In a real deployment, such as those the
> Navy uses, the request is intercepted by a Policy Enforcement Point
> (PEP), which forwards the request to a Policy Decision Point (PDP).
> The PDP does the verification and sends the access decision to the
> PEP. The PEP forwards the request to the service if the decision is
> to allow access. The PEP and PDP are part of the service's reliance
> set.
Is the reliance set the same as a TCB? How is a reliance set related
to a TCB? It seems like a reliance set is more like a guard--one big
if then else statement, possibly inserted into the SOAP stream through
aspects. If it is done using aspects, this would be another case
where aspects help capabilities, when you would normally think of them
as defeating capabilities--or perhaps they are proxies that can be
thought of as aspects.
John
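
The PEP/PDP flow described in the quoted paragraph, sketched as an added example (not code from this thread or from the reference implementation it mentions). The HMAC-signed certificate format, the key, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-key"  # constructed value standing in for the issuer's key

def _mac(claims, key):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def issue_certificate(subject, service, operation, key=ISSUER_KEY):
    # Hypothetical certificate: claims bound together under a MAC.
    claims = {"subject": subject, "service": service, "operation": operation}
    return {"claims": claims, "mac": _mac(claims, key)}

class PolicyDecisionPoint:
    """Verifies the certificate and returns only an access decision."""
    def __init__(self, key=ISSUER_KEY):
        self._key = key

    def decide(self, certificate, service, operation):
        claims = certificate.get("claims", {})
        if not hmac.compare_digest(_mac(claims, self._key), str(certificate.get("mac", ""))):
            return "deny"  # forged or altered certificate
        if claims.get("service") != service or claims.get("operation") != operation:
            return "deny"  # genuine certificate, but not for this request
        return "allow"

class PolicyEnforcementPoint:
    """Intercepts every request; the service is reached only on 'allow'."""
    def __init__(self, pdp, service_name, service):
        self._pdp, self._name, self._service = pdp, service_name, service

    def handle(self, request):
        cert = request.get("certificate", {})
        if self._pdp.decide(cert, self._name, request.get("operation")) != "allow":
            return {"status": 403, "body": None}
        return {"status": 200, "body": self._service(request["operation"])}

def demo():
    reached = []  # operations that actually arrived at the service
    def service(operation):
        reached.append(operation)
        return operation + " ok"
    pep = PolicyEnforcementPoint(PolicyDecisionPoint(), "inventory", service)
    cert = issue_certificate("alice", "inventory", "read")
    requests = [  # constructed sample requests
        {"operation": "read", "certificate": cert},
        {"operation": "write", "certificate": cert},
        {"operation": "read", "certificate": {**cert, "mac": "00"}},
    ]
    return [pep.handle(r)["status"] for r in requests], reached
```

`demo()` sends a valid request, a request for an operation the certificate does not cover, and one with an altered MAC; only the first reaches the service.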