[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Rant on Capability Security [LONG]
At 08:58 AM 4/18/97 -0400, email@example.com wrote:
>I think you are missing some of the power of SPKI as I envision it. The
>is that there are lots of situations where authority is not mapped
>file (or device) access permissions. If the latter were adequate, the CMW
>solution probably covers most of your points.
I think I understand some of the power of SPKI as it has been evolving in
the last month, and it scares me. I don't think I will be able to reason
correctly about the security relationships, particulary at 3AM while
fighting a fire. I tried to keep my use of SPKI simple, and directly
mapped to capabilities, so I would be able to use my 25 years of experience
with capabilities to reason about the security relationships. YMMV
>Instead, I see executable programs (single entities) that do different
>according to the certificates presented to it when it starts to run. My
>of remote access to online facilities is a good example. A grade-school
>might be able to view the output of an electron microscope, but not have
>to the focus controls. A researcher could do everything.
This approach maps well to different capabilities, each with different
authority over a single object. In your example, the researcher would have
all the authorities, while the grade-school student would have only the
Bill Frantz Electric Communities
Capability Security Guru 10101 De Anza Blvd.
firstname.lastname@example.org Cupertino, CA 95014