[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Java programs, etc.
-----BEGIN PGP SIGNED MESSAGE-----
Marianne,
SPKI isn't straight capabilities but there are some similarities.
At 02:44 PM 4/8/97 -0700, Marianne Mueller wrote:
> Notes on Capabilities Model
> ===========================
>
>Presented by Marv Schaefer on May 1st 1996 at the Java Security
>Workshop
>So, questions are:
>
> + is posession of capability sufficient or is something else needed ?
Possession isn't enough. This is what makes SPKI certs different from
capabilities. SPKI certs have signatures and you have to:
1) demonstrate power to use a private key
2) present a chain of authorization between that private key and the source
of authority
> + where do capabilities come from ?
Any verifier is a source of authorization. The verifier (typically a
gateway or a resource owner), makes decisions based on these certificates.
It therefore has the power to grant capabilities.
> + what has capability-building capability ?
Every principal has the power to delegate authorizations it has been granted.
> + how and when can capabilities be:
> - passed ?
In the clear, at any time.
> - stored ?
Anywhere.
> - reused ?
As long as they're still valid.
> - augmented ?
Never.
> - attenuated ?
By any delegator.
> - revoked ?
Only by on-line test. Normally they expire.
> + are capabilities inherited ?
Only if you specifically delegate them. This concept is from the capability
model and I believe has to do with child processes.
> + are capabilities typesafe ? scrutable ? inscrutable ? to what ?
These words don't mean anything to me in SPKI terms.
> + define "domain" ?
..ditto
- Carl
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBM1KWxVQXJENzYr45AQHu0gQAhykKss8QReX36V3Laa6sLZ9X63HFRWnj
71sQZcwqX7Qcho5ze1jatk4ZwtsB4Ej9jxP2ouPybayct6axq0y5N+1c/LEHzPz5
kKA1fDa+4DTGg9NnYiW6ItsHVh2cFqlVTI0cwmOaxdMlX4PZN1ZBfe/PxH2qeq1Q
Z8yAECXn5iY=
=pOMW
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
Follow-Ups:
References: