ZTAuth

[Alan Karp]

This is the system I described last Friday.  To refresh your memory, the basic idea is that a user gets an environment when logging in.  Invoking a service creates a transaction specifying some resources from that environment.  Nobody processing that transaction can use any additional resources.  My concern was with chained delegation. 

Alice invokes Bob's backup service, which uses Carol's copy service.  Alice says, "backup in out."  The backup service says, "copy in out."  The problem is that "copy" is not in the original set of resources.  

I was told today that "calling another service is not adding authority."  That sounds to me like it might make a confused deputy possible.

--------------
Alan Karp

[Raoul Duke]

if the shoe fits,

https://everything2.com/title/confused+deputy

"A deputy is confused when he accidently uses his own permissions where he should have used the permissions of his client. For instance, one of his clients could tell the deputy to read input from a file the deputy is allowed to read, but the client is not. How should the deputy protect himself againts tricks like that?"

--
You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/friam/CANpA1Z1u24m3ZPbLhvG0srrkLUZqXTwsH0EDmP9ZT6AUBaBVKQ%40mail.gmail.com.