Thoughts on droplets -- clarification

shapj@us.ibm.com shapj@us.ibm.com
Tue, 2 Nov 1999 10:59:02 -0500


I want to clarify one part of my earlier posting about Droplet
capabilities.  I think some may have read it as a suggestion that existing
features be removed, which was not my intent.

My understanding is that Droplets currently implements two capabilities:
session specific capabilities and global capabilities.  Both of these are
good and useful.  My belief is that Droplets would achieve greater use if
it also incorporated global capabilities whose use was contingent on
authentication.  I shall call these contingent capabilities.  The idea is
that there be a pair of transformations of the form

     authenticate(contingent-capability, auth-token) --> session-capability
     make-contingent(session-capability)

where the semantics of authentication is determined by the server.

Jonathan S. Shapiro, Ph. D.
Research Staff Member
IBM T.J. Watson Research Center
Email: shapj@us.ibm.com
Phone: +1 914 784 7085  (Tieline: 863)
Fax: +1 914 784 7595