Thu, 18 Nov 1999 16:05:05 -0800 (PST)
Bill Frantz sez:
>At 03:37 PM 11/18/1999 -0800, Chip Morningstar wrote:
>>Capabilities and credentials can be combined, to create a something like a
>>non-transferable capability, in the sense of a capability that is of no use
>>unless its holder can also simultaneously engage in a credential verification
>>protocol as me. In particular, I can give this capability to someone else to
>>hold onto and then forget about it myself, knowing that (A) they won't be
>>to do anything with it, and (B) if they give it back to me at some future
>>I will still be able to use it. All of this hinges, of course, on my keeping
>>some secret that I never disclose to anyone which is the secret I use in the
>>credential verification protocol. This secret, in essence, is my identity.
>This sounds like Rights Amplification, where holding two capabilities is
>more powerful than either one alone. (In your case, either one alone would
>offer effectively no authority.)
In terms of mechanism, you're completely correct.
However, I'm still also pondering (not to any particular conclusion as
yet, alas) how to "go meta" so that we can, as I said, communicate
*about* capabilities without communicating the capabilities
themselves. In other words, just because we have a mechanism that lets
us do credentialing doesn't necessarily imply that we have a clue
about what the best way to employ it is.