[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Runtime info flow in Java



At 11:31 PM 5/24/96 -0400, E. ALLEN SMITH wrote:
>From:   IN%"[email protected]" 24-MAY-1996 21:22:44.97
>>We can use certificates (ref: SPKI) to implement network capabilities. 
>>These certificates make statements of the form: The holder of the secret
>>key which corresponds to this public key is permitted these specific forms
>>of access to this specific resource on this location (e.g. a URL).  These
>>certificates can act like capabilities.  They can be passed by creating a
>>new certificate for the receiver which gives it the privileges implied by
>>the old certificate.  They can be rescinded in any of a number of ways.
>
>        I suppose that the new certificate is created through a message
>signed by the old certificate's private key?

Sounds like a good way to me.  When you want to pass a capability, you can
either get a completely new certificate from the resource's system, or
generate a (possibly temporary) transfer certificate that accompanies a
copy of your certificate.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
[email protected] | dead teenagers | Los Gatos, CA 95032, USA