I strongly recommend reading that paper I sent the reference to.
The cool thing about CAPs on the web (and the reason why I'm excited
about it, after knowing _of_ CAPs for 20 years and never really getting
them) is that CAPs are URLs that can come and go dynamically. Most of
the CAPs literature is within the field of operating systems, which is
slightly different. Think of CAPs here as URLs that are dynamically
created and revoked. If the URL is not there, you can't access the
service even if you know about the URL.
So yes, region A can get a one-time CAP for an item, and instead of
using it, it passes it to region B. You have the same problem with
Tokens: region A gets the authorized token, but instead of using it,
passes it to region B. This is, as you say, a matter of certifying the
receiver, which is a separate matter.
It would be nice to have some security experts in this discussion...
On my end I'm really excited with this idea of URLs that come and go in
shared-secret URLs instead of fixed URLs+authentication+authorization.
Tommi Laukkanen wrote:
Hello
After reading a bit of that article and wikipedia about capabilities
based security it looks to me that the capability model requires quite
severe assumptions about environment they are used in. If I understand
the system correctly the capability framework has to be in control of
the client process capability list to stop it from forging
capabilities or altering them. This would work inside one operating
system but not in the internet? Even if there is somekind of
encryption scheme to avoid forgery the capabilities can be passed
around by internet client programs if they are not controlled somehow.
Thus if you give capability A to Alice, she can pass it to Bob. I
guess you can still work around this by signing the capability to
Alice. In the end this becomes quite complex way of writing a
certificate for Alice to do thing 1,2,3 to object X. If you consider
using this in any real system you end up with huge amount of these
capabilities (combination of subject, abilities and resource) which
you need to process.
Is there a document on SL capabilities so I could knock some knowledge
in my head?
regards,
Tommi
------------------------------------------------------------------------
_______________________________________________
Opensim-dev mailing list
Opensim-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
_______________________________________________
Opensim-dev mailing list
Opensim-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
