[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)

David Wagner daw@mozart.cs.berkeley.edu
1 Feb 2001 05:57:41 GMT

Tyler Close wrote:
>Writing interesting collaborative
>software is about creating much more interesting authority flows. One
>of the simpler ones is the "once-only" authority. Carol is authorized
>to use Bob once, but after that use the authority goes away.

One way to provide this level of functionality, in either a capability
system or an ACL system, is to use "proxies".  We write a daemon that
will run in the background; when it receives a request, it will forward
that request to Bob and then self-destruct.  The daemon can incorporate
an access control mechanism to make sure that only Carol can invoke
the daemon (and we can use either an ACL or a capability to enforce this).

You may also find Nikita Borisov's work on active certificates of
interest in this respect.

>More interesting scenarios are when the ability to use one right is
>contingent upon giving up others.

There's no reason that an ACL system can't export this functionality.
ACLs are a way of structuring how you store the access control matrix;
you can implement either a very limited or a very rich API for modifying
the access control matrix, as you see fit.  Adding this stuff to the API
might not be the best design approach, though, because it's not clear
whether you want such a complicated API.  One alternative is to use
"proxies" as above to enforce the semantics you want.
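An added illustration of the proxy approach described above, not code from the original post or from any E-Lang project: a toy access control matrix with a deliberately small grant/revoke/allows API, a target object Bob, and a proxy that forwards exactly one request and then destroys itself. With an owner set, the proxy checks the caller against the matrix (the ACL style); with owner=None, holding a reference to the proxy is the authority (the capability style). The optional give_up list implements the "use one right, surrender others" case by revoking those rights in the matrix before forwarding. The names Bob, Carol and Mallory and the rights "use_bob" and "read_file" are constructed for the demo.

```python
"""Once-only and rights-for-rights authority via proxies (added example).

Not code from the original E-Lang post. Bob, Carol, Mallory and the rights
"use_bob" / "read_file" are constructed names for the demonstration.
"""
from __future__ import annotations

import threading
from typing import Optional


class AccessDenied(Exception):
    """Raised when a proxy refuses to forward a request."""


class AccessMatrix:
    """Toy access control matrix stored as ACLs: subject -> set of rights.

    The API is kept minimal on purpose; richer semantics are built by
    proxies on top of it rather than by enlarging this interface.
    """

    def __init__(self) -> None:
        self._rows: dict[str, set[str]] = {}
        self._lock = threading.Lock()

    def grant(self, subject: str, right: str) -> None:
        with self._lock:
            self._rows.setdefault(subject, set()).add(right)

    def revoke(self, subject: str, right: str) -> None:
        with self._lock:
            self._rows.get(subject, set()).discard(right)

    def allows(self, subject: str, right: str) -> bool:
        with self._lock:
            return right in self._rows.get(subject, set())


class Bob:
    """The target object; counts real invocations so leaks are visible."""

    def __init__(self) -> None:
        self.calls = 0

    def serve(self, request: str) -> str:
        self.calls += 1
        return f"bob handled {request!r}"


class OnceOnlyProxy:
    """Forwards exactly one request to the target, then self-destructs.

    owner set   -> ACL style: caller identity is checked against the matrix.
    owner=None  -> capability style: whoever holds this proxy may use it once.
    give_up     -> (ACL style only) rights the caller loses when the proxy is used.
    """

    def __init__(self, matrix: AccessMatrix, target: Bob, right: str,
                 owner: Optional[str], give_up: tuple[str, ...] = ()) -> None:
        self._matrix, self._right, self._owner, self._give_up = matrix, right, owner, give_up
        self._target: Optional[Bob] = target
        self._lock = threading.Lock()

    def invoke(self, caller: Optional[str], request: str) -> str:
        # Check-and-consume must be one atomic step: without the lock, two
        # racing callers could both pass the "still alive" test.
        with self._lock:
            if self._target is None:
                raise AccessDenied("proxy already consumed")
            if self._owner is not None:
                if caller != self._owner or not self._matrix.allows(caller, self._right):
                    raise AccessDenied(f"{caller!r} may not use this proxy")
                for r in self._give_up:  # must hold every right being traded away
                    if not self._matrix.allows(caller, r):
                        raise AccessDenied(f"{caller!r} cannot surrender {r!r}")
                for r in self._give_up:
                    self._matrix.revoke(caller, r)
            # Self-destruct: drop the reference to Bob, so a consumed proxy
            # no longer carries any authority even if someone keeps it alive.
            target, self._target = self._target, None
        return target.serve(request)


def once_only_scenario() -> dict:
    """Carol may use Bob once; Mallory never; Carol's second use is refused."""
    matrix, bob = AccessMatrix(), Bob()
    matrix.grant("carol", "use_bob")
    proxy = OnceOnlyProxy(matrix, bob, "use_bob", owner="carol")
    out: dict = {}
    try:
        proxy.invoke("mallory", "steal")
    except AccessDenied as e:
        out["mallory"] = str(e)
    out["first"] = proxy.invoke("carol", "hello")
    try:
        proxy.invoke("carol", "again")
    except AccessDenied as e:
        out["second"] = str(e)
    out["bob_calls"] = bob.calls
    return out


def trade_scenario() -> dict:
    """Using Bob costs Carol her read_file right, atomically with the use."""
    matrix, bob = AccessMatrix(), Bob()
    matrix.grant("carol", "use_bob")
    matrix.grant("carol", "read_file")
    proxy = OnceOnlyProxy(matrix, bob, "use_bob", owner="carol", give_up=("read_file",))
    before = matrix.allows("carol", "read_file")
    result = proxy.invoke("carol", "trade")
    return {"before": before, "after": matrix.allows("carol", "read_file"),
            "result": result, "bob_calls": bob.calls}


def race_scenario(n_threads: int = 16) -> int:
    """n threads race one capability-style proxy; returns how many reached Bob."""
    bob = Bob()
    proxy = OnceOnlyProxy(AccessMatrix(), bob, "use_bob", owner=None)
    start = threading.Barrier(n_threads)

    def attempt() -> None:
        start.wait()
        try:
            proxy.invoke(None, "race")
        except AccessDenied:
            pass

    threads = [threading.Thread(target=attempt) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return bob.calls
```

The race scenario is the check a practitioner wants on any single-use authority: the "is it still alive" test and the consumption must be one atomic step, and a consumed proxy must drop its own reference to Bob, otherwise the daemon that was supposed to self-destruct still holds the very authority it was meant to give away.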