[cap-talk] Comparing models

Karp, Alan H alan.karp at hp.com
Mon Jun 13 09:42:12 PDT 2011


I've changed the subject line to reflect the topic being discussed.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp


> -----Original Message-----
> From: Karp, Alan H
> Sent: Wednesday, June 08, 2011 5:22 PM
> To: 'David Chadwick'
> Subject: RE: We met at the Cornerstones of Trust conference and...
> 
> Now I understand what you're doing.  It relies too much on the
> programmer getting things right for my taste, especially under
> maintenance, but at least it allows service composition without the
> kind of problems we pointed out in our Transitive Access paper.
> 
> Your infrastructure is very powerful.  I would prefer to use it to
> decide which capabilities the user should get, then use those
> capabilities to invoke methods on resources, delegating the capability
> when a resource reference is passed as an argument.
> > >
> > > How do I find out what other permissions the employee
> > > gets because of that attribute?
> >
> > the answer is that in a distributed system you can never know the
> > answer for sure
> 
> Thanks for the direct answer.  The US Defense Department folks I've
> been working with never answer me when I ask, even though the problem
> is critical in their environment.  (Think Bradley Manning and
> Wikileaks.)
> 



