Capability revocation
9 views
Skip to first unread message
Alan Karp
May 18, 2023, 2:10:16 PM5/18/23
to cap-...@googlegroups.com, <friam@googlegroups.com>
I made a comment in the Distributed Web Node (DWN) discussion list that revocation is something that is better to think about earlier in the design process than later. Since I opened my big yap, I've not been tasked with explaining what I mean.
--------------
Alan Karp
I think I should start with the various options. I came up with
- No revocation; rely on short-lived capabilities.
- Revocation is a specific permission.
- The holder of a capability can revoke it.
- The delegator of a capability can revoke any direct delegations.
- The delegator of a capability can revoke any delegation deeper in the chain.
- For certificate-based capabilities, revoke the public key it's issued to.
What did I miss?
--------------
Alan Karp
Mark S. Miller
May 18, 2023, 2:38:07 PM5/18/23
to cap-...@googlegroups.com, <friam@googlegroups.com>
Is Caretaker, Membrane, Horton all covered by #2?
--
You received this message because you are subscribed to the Google Groups "cap-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cap-talk+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/CANpA1Z2%3DFJyy-3H5VqRKuxfRhojUaS0rGmWwNtUQMwT6Go2a3A%40mail.gmail.com.
Cheers,
--MarkM
--MarkM
Alan Karp
May 18, 2023, 7:01:33 PM5/18/23
to cap-...@googlegroups.com
That's my understanding.
--------------
Alan Karp
--------------
Alan Karp
To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/CAK5yZYjvSRCnPa5ZVCJJpHXVdT_AQ6oB7yeJ0LTXkS93F_7L-w%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages