--- begin forwarded text
Status: RO Date: Thu, 23 Jan 2003 17:25:37 -0800 To: SPKI List <[EMAIL PROTECTED]> From: Bill Frantz <[EMAIL PROTECTED]> Subject: [e-lang] Granovetter diagrams and capability bags Cc: Ka-Ping Yee <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Ka-Ping Yee is working on a paper which contrasts a number of security systems including SPKI. The paper is being discussed in detail on the E language list (see headers below for information). For some background on the terminology Ping is using see: http://www.erights.org/elib/capability/ode/index.html He is now asking questions about how SPKI is used in the real world, which I can't answer. Can anyone here help him? >From: Ka-Ping Yee <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Subject: [e-lang] Granovetter diagrams and capability bags >Reply-To: [EMAIL PROTECTED] >List-Help: <mailto:[EMAIL PROTECTED]?subject=help> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <http://www.eros-os.org/mailman/listinfo/e-lang>, > <mailto:[EMAIL PROTECTED]?subject=subscribe> >List-Id: Discussion of E and other capability languages ><e-lang.mail.eros-os.org> >List-Unsubscribe: <http://www.eros-os.org/mailman/listinfo/e-lang>, > <mailto:[EMAIL PROTECTED]?subject=unsubscribe> >List-Archive: <http://www.eros-os.org/pipermail/e-lang/> >Date: Thu, 23 Jan 2003 19:01:38 -0600 (CST) > >I am realizing as i write this paper that the Granovetter diagram >is insufficient in one important way: it does not distinguish >C-lists-as-sets from C-lists-as-maps. > >This is an important distinction between the capabilities-as-keys >model and the capabilities-as-object-references model. Often >(though not always) people talk about storing keys on "keyrings", >and searching the keyring to find the appropriate key. > >The distinction between trying all the keys on your keyring and >using a key which you have previously labelled bears directly on >the Confused Deputy problem, but is not visible in a Granovetter >diagram. > >SPKI, for instance, *could* be implemented like C-lists-as-sets >(upon trying to perform an action, flip through all your >certificates to find one that names the resource you want). >Such a mechanism would be vulnerable to Confused Deputy problems. > >Bill, do you have any sense of how SPKI certificates are typically >handled -- are they named with local names, or merely thrown in a >bag? (For the sake of this question, naming certificates according >to the names within them is equivalent to throwing them in a bag.) > >To avoid confusion with the term C-list, and also to avoid >"capability set" since that seems to be already a loaded term, >how about calling these two structures C-maps and C-bags? > > >-- ?!ng > >_______________________________________________ >e-lang mailing list >[EMAIL PROTECTED] >http://www.eros-os.org/mailman/listinfo/e-lang > ------------------------------------------------------------------------- Bill Frantz | Sacred cows make the | Periwinkle -- Consulting (408)356-8506 | tastiest hamburgers. | 16345 Englewood Ave. [EMAIL PROTECTED] | - David Wagner | Los Gatos, CA 95032, USA --------------------------------------------------------------------- The SPKI Mailing List Unsubscribe by sending "unsubscribe spki" to [EMAIL PROTECTED] --- end forwarded text -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
