[cap-talk] Confused Deputies in Capability Systems - not
marcus.brinkmann at ruhr-uni-bochum.de
Fri Feb 27 09:25:43 EST 2009
Bill Frantz wrote:
> marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) on Thursday, February 26, 2009 wrote:
>> Capabilities can only survive in an isolated, homogeneous environment. I
>> think that this is a serious limitation, which in my opinion severely
>> restricts the applicability of capability theory.
> This statement is wrong on the face of it. Any data-as-capability (e.g.
> WebKeys, SPKI authorizations, etc.) can be securely passed through systems,
> such as encrypted email, that are completely unaware of capabilities, let
> alone the precise capability system they represent.
That is just a transport issue, and not what I meant. If you send me a capability-as-data
over any channel, what can I do with it? Nothing useful, until I feed it back into a system that
accepts the data as a valid capability for anything. For that to happen, the system must
somehow be in rather intimate contact (and if only by following the same P2P protocol) with the
system from which the capability originated. It does not need to be the same system, but surely
all such systems form a common domain. This domain is the isolated, homogeneous environment I am
So, yes, it is possible to extract a capability and reinsert it into the capability system it came
from, but you can not extract a capability and use it outside of the capability system it came from.
More information about the cap-talk