[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)

Dan Bornstein danfuzz@milk.com
Fri, 19 Jan 2001 15:21:10 -0800 (PST)


Scott Smith <scott@cs.jhu.edu> writes:
>Let's map capabilities on to some real-world scenarios.  Credit cards.
>Taken as a pure capability all you need to do is present the card, you
>can pass the card around if you want, presenting it buys anything, etc.
>But they don't work that way.  Signatures/photo ID/... are needed as
>non-capability cross-checks.  This is my entire point: cross-checks to
>capabilities are needed.  More interesting is how credit-card
>transactions have been evolving in the on-line world.  There they
>started as pretty much pure capabilities in that no signature is
>required, only the number.  But, you now must give a billing address.

I've definitely noticed the trend of on-line/telephone ordering where you
have to give extra information to authorize yourself as a legitimate credit
card holder, but I've noticed the reverse trend when it comes to actually
using a physical card. That is, it's looking like, more and more, a
physical credit card *is* a capability (and, unfortunately, given the
technology, a forgeable one). Two examples:

I can go up to a movie ticket kiosk at the Metreon or AMC 1000 Van Ness,
swipe my credit card, and have tickets to the movies in about a minute
flat, and at no time am I asked for a signature. Recently, I was in the
airport and was amazed that the person at the coffee stand swiped my credit
card, handed me my coffee and a receipt, and never asked me to sign
anything.

I presume that the reasons the card companies allow this are that (1) the
potential amount of fraud from these sorts of interactions is fairly
limited, and (2) they're relying on "smart card" technology to make it
increasingly hard to forge the physical cards as time goes on, and they
figure that the potential rewards down the line are worth the extra fraud
risk today.

-dan