At 11:50 AM 4/18/99, Charles Landau wrote:
>An obvious simplification is: Ask A to return an object C that refers to
>A but will only compare. (C is a weakened proxy for A.) Then ask B
>whether it is equivalent to the object for which C is a proxy. If B
>recognizes C and can open it up, it can do the comparison.

An important difference between their protocol and your simplification is
that theirs can do grant matching
<http://www.erights.org/elib/capability/grant-matcher/index.html>, while
still being an extensible form of equality. However, in order for B to be
able to meaningfully say that it agrees with the choice of C, you still
need a primitive symmetric equality primitive (like DISCRIM). In your
simplification, B can simply lie.
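
The simplification and its failure mode, as an added example that is not part of the original message. Every name here (`Brand`, `CompareProxy`, `weaken`, `matches`, `primitive_same`) is hypothetical; the sealer/unsealer brand is an assumed mechanism for "recognizes C and can open it up", and Python identity stands in for a primitive such as DISCRIM.

```python
# Added illustration; all class and function names are hypothetical.

class CompareProxy:
    """C: refers to A but carries no authority of its own; only comparable."""


class Brand:
    """Assumed sealer/unsealer pair shared by objects that can open C up."""

    def __init__(self):
        self._sealed = {}  # opaque proxy -> object it stands for

    def seal(self, target):
        proxy = CompareProxy()
        self._sealed[proxy] = target
        return proxy

    def unseal(self, proxy):
        # None when the proxy was not sealed by this brand
        return self._sealed.get(proxy)


class Honest:
    def __init__(self, brand):
        self._brand = brand

    def weaken(self):
        """Return C, a weakened proxy for this object."""
        return self._brand.seal(self)

    def matches(self, proxy):
        """Open C up and report whether it stands for this object."""
        return self._brand.unseal(proxy) is self


class Liar(Honest):
    def matches(self, proxy):
        return True  # claims agreement without opening C at all


def simplified_compare(a, b):
    """The quoted simplification: the answer is whatever B chooses to report."""
    return b.matches(a.weaken())


def primitive_same(a, b):
    """Stand-in for a primitive symmetric equality: neither party is asked."""
    return a is b
```

With an honest B the two functions agree; with `Liar` as B, `simplified_compare` returns `True` for distinct objects and the caller has nothing to check the claim against.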