Re: Rant on Capability Security [LONG]
At 08:58 AM 4/18/97 -0400, jar@ornl.gov wrote:
>I think you are missing some of the power of SPKI as I envision it. The point
>is that there are lots of situations where authority is not mapped directly onto
>file (or device) access permissions. If the latter were adequate, the CMW
>solution probably covers most of your points.
I think I understand some of the power of SPKI as it has been evolving in
the last month, and it scares me. I don't think I will be able to reason
correctly about the security relationships, particularly at 3AM while
fighting a fire. I tried to keep my use of SPKI simple, and directly
mapped to capabilities, so I would be able to use my 25 years of experience
with capabilities to reason about the security relationships. YMMV
>Instead, I see executable programs (single entities) that do different things
>according to the certificates presented to it when it starts to run. My example
>of remote access to online facilities is a good example. A grade-school student
>might be able to view the output of an electron microscope, but not have access
>to the focus controls. A researcher could do everything.
This approach maps well to different capabilities, each with different
authority over a single object. In your example, the researcher would have
all the authorities, while the grade-school student would have only the
"view" authority.
Bill Frantz Electric Communities
Capability Security Guru 10101 De Anza Blvd.
frantz@communities.com Cupertino, CA 95014
408/342-9576 http://www.communities.com
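
The microscope case discussed in this message, modeled as an added example that is not part of the original post or of any SPKI or Electric Communities code: one object, with separate capabilities carrying different authority over it. The class, the authority names "view" and "focus", and the function names are assumptions made for illustration, and Python closures only approximate the unforgeability a real capability system enforces.

```python
class Microscope:
    """Constructed stand-in for the electron microscope in the thread's example."""
    def __init__(self):
        self.focus = 0
    def view(self):
        return f"image@focus={self.focus}"
    def set_focus(self, value):
        self.focus = value
        return self.focus

# Hypothetical authority names mapped to the operations they permit.
AUTHORITIES = {"view": Microscope.view, "focus": Microscope.set_focus}

def make_capability(target, authorities):
    """Return a capability: a callable bound to one object and a fixed authority set."""
    granted = frozenset(authorities)
    unknown = granted - set(AUTHORITIES)
    if unknown:
        raise ValueError(f"unknown authorities: {sorted(unknown)}")

    def invoke(authority, *args):
        # The holder never touches the object directly, only through this check.
        if authority not in granted:
            raise PermissionError(f"capability lacks '{authority}' authority")
        return AUTHORITIES[authority](target, *args)

    def attenuate(subset):
        # Delegation may only narrow authority, never widen it.
        subset = frozenset(subset)
        if not subset <= granted:
            raise PermissionError("cannot amplify authority when delegating")
        return make_capability(target, subset)

    invoke.attenuate = attenuate
    return invoke

def demo():
    scope = Microscope()
    researcher = make_capability(scope, {"view", "focus"})
    student = researcher.attenuate({"view"})  # student holds "view" only
    researcher("focus", 42)
    outcomes = {"student_view": student("view")}
    attempts = {"student_focus": lambda: student("focus", 7),
                "student_amplify": lambda: student.attenuate({"view", "focus"})}
    for name, attempt in attempts.items():
        try:
            attempt()
            outcomes[name] = "allowed"
        except PermissionError:
            outcomes[name] = "denied"
    outcomes["focus"] = scope.focus  # unchanged by the refused student call
    return outcomes
```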