At 08:30 AM 7/6/00, Karp, Alan wrote:
>... the e-speak Protection Domain, an
>e-speak resource which defines the part of the universe accessible to the
>user. It contains the e-speak root name frame, which defines the user's
>name space, and a mandatory key ring, basically a set of capabilities that
>get presented on every request. In general, there are capabilities on this
>key ring that the user cannot remove. This latter feature enables us to
>enforce "negative permissions", capabilities that deny access to certain
>resources.

If you indeed have a way to enforce negative permissions across a mutually mistrustful distributed system, I would be very impressed. If the user has access to his own hardware, how is he prevented from removing the negative capabilities on his mandatory key ring?

Cheers,
--MarkM