[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java programs, etc.

Date: Wed, 16 Apr 1997 11:31:45 -0700
To: bryce@digicash.com
From: Peter Williams <peter@verisign.com>
Subject: Re: Java programs, etc. 
Cc: spki@v2.org


Im trying hard to get at the essential protection philosophy embodied in
SPKI/SPKI. Whereas for X.509 concepts, it all about managed
names and trust based on brand recognition, SPKI/SDSI is
responding to a distributed notion - in which security
is the a function of the collective, and the very size and dynamics 
of the domain manages the risks. The capability chains are really a navigation
tool across the risk factors, and thus fit ideally for addressing
the security problems faced by routing protocols, and n*n party
communication services.

See, Im getting into it, slowly. It takes folk
like me from the lower half of the class  a while... but
we manage it eventually.


>At 11:33 AM 4/16/97 +0200, Bryce wrote:
> >Nice example!  I'm thinking that there is a huge benefit to be
>>gained by using certificates simply to allow responsibility for a
>>given programmatic task to be delegated to a separate system.
>>This frees us from having to pack all of our important, must-not-
>>be-circumvented-or-subverted functionality into one system.
>>Which is, I think, what you just said.
>Assuming the term system means the Network, I concur.
>>This dovetails nicely with the advent of distributed computing
>>components e.g. JavaBeans and CORBA...