[E-Lang] Proxies in an ACL system
Fri, 02 Feb 2001 12:13:19 +0000
David Wagner wrote:
> Ka-Ping Yee wrote:
> >On 1 Feb 2001, David Wagner wrote:
> >> One way to provide this level of functionality, in either a capability
> >> system or an ACL system, is to use "proxies". We write a daemon that
> >> will run in the background; when it receives a request, it will forward
> >> that request to Bob and then self-destruct.
> >This sounds plausible only until you ask how Bob knows that he is
> >supposed to obey requests forwarded by the daemon! Now the daemon
> >needs an identity and the entity passing it to Carol has to add the
> >daemon's identity to Bob's ACL.
> No. The daemon runs under Alice's identity (assuming the right to
> access the object was given to Carol from Alice).
So the daemon can do anything Alice is allowed to do? That's a rather
wider authority than was intended, surely?
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff