[cap-talk] Confused Deputies in Capability Systems
Bill Frantz
frantz at pwpconsult.com
Wed Feb 11 00:31:22 EST 2009
marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) on Tuesday, February 10, 2009 wrote:
>It's even simpler. A confused deputy can also arise in capability systems
>if a capability is designated by a symbolic name rather than a capability.
>Any service that translates names to capabilities can potentially have a
>confused deputy problem.
I am truly confused. How does translating a name, such as clist item[5],
into a capability introduce the problem of using the wrong subject to check
the authority, which is the essence of confused deputy?
Marcus and Toby see this as obvious, and I don't see it at all, so, "What
we have here is a failure to communicate."
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | Airline peanut bag: "Produced | Periwinkle
(408)356-8506 | in a facility that processes | 16345 Englewood Ave
www.pwpconsult.com | peanuts and other nuts." - Duh | Los Gatos, CA 95032
More information about the cap-talk
mailing list