[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Rant on Capability Security [LONG]
> This is my basic mental model, also. Providing one can determine the precise
> scope of PolicyMaker language, and make a java class which is equivalently
> restricted to those language features, then, as with PolicyMaker, assuming a
> type-safe and trusted execution environment, there is no reason why the
> specific security policy rules which authorize an action cannot be
> expressed in java application "notation" within an auth field.
> End-systems can persistently learn permission schemes, or obtain the
> implementation of the arithmetic and reduction algebra from the auth-field
> each time, where the notation is a trusted java class. A minimum profile of
> SPKI may or may not mandate support for the static Policy maker language...we
> will see.
> I actually cannot find however a non-proprietary-controlled PolicyMaker
> detailed description document, even though its referenced in the SPKI WG's
> IETF docs (which require ceding of change control, etc)
> Could someone from AT&T post a public-domain version, perhaps, as an I-D
> to this WG?
Matt Blaze said in Memphis that it would be available quite soon.