Christopher's approach is similar to the SPKI (Simple Public Key
Infrastructure, not some other expansion of the acronym that
popped up later).
Mapping SPKI to the SturdyRef, vatA would issue a certificate to
vatB and sign it with vatA's signing key. This certificate
allows vatA to get a live reference to the object specified in
the certificate. In doing so, vatB must sign the challange sent
by vatA as part of the protocol.
If vatB wants to pass the certificate to vatC, is generates a
new delegation certificate and signs it which it passes to vatC.
vatA will check vatB's signature before engaging in the protocol
to get a live reference.
Note that since the users of the get live reference protocol
have to prove they have the signing key for the certificate, the
certificates can be public information. They don't need to be
kept secret.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | Truth and love must prevail | Periwinkle
(408)356-8506 | over lies and hate. | 16345
Englewood Ave
www.pwpconsult.com | - Vaclav Havel | Los Gatos,
CA 95032