[cap-talk] Collaboration opportunity
dpranke at chromium.org
Fri Jun 10 14:55:47 PDT 2011
On Fri, Jun 10, 2011 at 1:57 PM, David Barbour <dmbarbour at gmail.com> wrote:
> On Fri, Jun 10, 2011 at 12:10 PM, Ben Laurie <benl at google.com> wrote:
>> there must surely be a moment at which I prove to my device
>> that I am me and not some imposter, at which point my big
>> bag o' capabilities becomes available to me?
>> Is this not 'login'?
> Hmmm... would you say we 'login' to our smart card when we provide our PIN?
> or would you say that we use a smartcard to 'login' to some other system?
I think of "login" as a form of privilege escalation and state transition.
> Anyhow, I wouldn't object to using a smartcard or the like as an external
> memory device to mitigate my puny human brain.
> But neither the smartcard itself nor whatever PIN or biometric data it uses,
> should need to provide any 'new' authority... i.e. if I could remember the
> capabilities, I should be able to use them independently of the smart card.
> In this sense, I'm just protecting my external memory. If I had a chip in my
> head, I maybe could use that instead.
I disagree with this. It can definitely make sense to think of a smart
card as granting (or unlocking) additional authority, just as it can
make sense to want to revoke particular smart cards.
> Rob Meijer wrote:
>> IMO identity (and thus login) is still pretty useful for auditing
>> Wouldn't it be great that if you lend your car (key) to your friend for a
>> day and at the end of the day would be able to ask your friend why he
>> found it proper to lend your car keys to his brother for an hour.
> That seems rather hand-wavy to me. If we want responsibility, we should more
> formally model it.
What about that is hand-wavy to you? It seemed pretty clear to me from
a requirements point of view.
> cap-talk mailing list
> cap-talk at mail.eros-os.org
More information about the cap-talk