Scribit Marcus Brinkmann dies 10/01/2007 hora 09:15: > This "destined to S" in your proposal appears to be exactly the > tagging that I proposed. Don't you think so?
Not at all. It's a consideration for the readers of the scenario to understand what is happening, and nothing in the system has knowledge of it. No tagging takes place in my scenario. Instead, only the graph of capabilities dictate who is able to use the opaque storage capability. S is just naturally outside the reference monitor, so when B invokes s1 to send the c1 capability, G substitute c0 to c1, and S receive the opaque storage capability. Note that G has no knowledge anywhere of the processes in or out of the reference monitor. It's only because B in the first place asks A by the way of G that it receives mediated capabilities. > To implement identity based access control, when a program A wants to > proof to a peer B that it has access to an identity without actually > handing it to B. And where is identity based access control needed? Curiously, Nowhere man -- [EMAIL PROTECTED] OpenPGP 0xD9D50D8A
signature.asc
Description: Digital signature
_______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
