Re: cap exchange race with map/unmap

From: Jonathan S. Shapiro
Subject: Re: cap exchange race with map/unmap
Date: Tue, 18 Oct 2005 14:13:02 -0400

On Tue, 2005-10-18 at 19:15 +0200, Marcus Brinkmann wrote:
> > Please name a capability that does not require this management?
> All capabilities that are "single revocable copy only", i.e., which are
> mapped, but for which the receiver need not (nor should) be
> allowed to retrieve a copy.

I agree. And we have previously established that we need to understand
how often this occurs in practice, and I have promised to describe where
this pattern is used in EROS/KeyKOS.

> The only operation that the receiver can perform is to pass this
> capability to another server as a form of authentication.

The question at hand concerns interaction with the cap server, and is
orthogonal to authentication. The general pattern is any place where the
sender transmits a capability that they wish to be able to selectively
revoke later.

I do understand that authentication tokens are an example of where this
operation might be used.


