[Cryptography] Do capabilities work? Do ACLs work?
John Denker
jsd at av8n.com
Wed Feb 11 22:47:59 EST 2015
On 02/11/2015 11:03 AM, Nico Williams wrote:
> Authorization information has to be possible to
> aggregate in semantically meaningful ways to be useful for answering
> meaningful questions such as "what can this employee do?".
Sometimes that "has to be possible" ... and sometimes
not. It is not desirable to allow somebody on a whim
to ask the general question of "what is this person
authorized to do?"
In particular, suppose I walk into a sleazy bar and wish
to open a tab. It is reasonable for the barkeep to ask
a couple of capability-related questions:
1) Is this guy of legal age?
2) Does this guy have a line of credit with the bank,
good for $50.00 or so?
It is *not* reasonable for him to ask other questions:
3) Does this this guy have a line of credit with the
bank, good for $500,000.00 or so?
4) Does this guy hold a NATO nuclear security clearance?
5) Does this guy hold a commercial pilot certificate?
6) Is this guy authorized to transport a box full of
ballots from point A to point B on election day?
*) et cetera......
Questions in the latter group might be perfectly reasonable
in some other context, but not here. In general, we do not
want some random person going fishing through the whole
list of capabilities.
More information about the cryptography
mailing list