Capability Myths Debunked

Created: 2021-11-18T17:42:09-06:00


This card pertains to a resource available on the internet.

Authority: the ability of a subject to actually access a resource (what it can do in practice, as distinct from the permissions it has been explicitly granted)

ACL: the resource (or its guard) keeps a list of subjects and what each may do; every access requires identifying the requester and finding it on the list

Caps: unforgeable tokens; possession of the token is the access right, no identification of the holder needed

Confinement

The confinement property: an actor that is given a permission cannot pass it (or the data it guards) on to a third actor unless it also holds the authority to do so.

Cap systems implement confinement by controlling the initial set of caps: an actor can only talk to objects it holds capabilities for, so a trusted actor that is never handed a capability to an untrusted one has no channel to it.

NB could also think of using a session ID or host data to deal with keys being leaked?

Revocability

Myth: capabilities cannot be revoked once issued (the bearer holds the token, so nothing can take it back).

Workaround: a two-facet caretaker (Redell). Alice keeps the direct cap and hands Bob a proxy facet; Bob sends his messages to the proxy, which forwards them with Alice's authority. Alice keeps the revoke facet and can invoke it at any time to sever the proxy, so Bob (and anyone Bob delegated the proxy to) loses access without Alice needing to know who they are.
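Added worked example (not from the paper or this card): the caretaker pattern in Python, with object references standing in for capabilities. `Log`, `make_caretaker` and the Alice/Bob/Carol scenario are constructed for illustration.

```python
class Revoked(Exception):
    """Raised when a call is made through a proxy facet that has been revoked."""


class Log:
    """Constructed stand-in for a resource Alice holds a direct capability to."""

    def __init__(self):
        self.lines = []

    def append(self, line):
        self.lines.append(line)
        return len(self.lines)


def make_caretaker(target):
    """Build the two facets of a caretaker around `target`.

    Returns (proxy, revoke): `proxy` exposes the same methods as `target`
    and forwards every call to it; `revoke()` severs the link, after which
    any call through `proxy` raises Revoked. Bob, and anyone Bob passes the
    proxy on to, can only reach `target` via the proxy, so one revoke()
    cuts all of them off at once.
    """
    state = {"target": target}

    class Proxy:
        def __getattr__(self, name):
            current = state["target"]
            if current is None:
                raise Revoked(f"capability to .{name} has been revoked")
            return getattr(current, name)

    def revoke():
        state["target"] = None

    return Proxy(), revoke


def scenario():
    """Alice delegates to Bob, Bob re-delegates to Carol, Alice revokes."""
    log = Log()                              # Alice's direct capability
    bob_cap, alice_revoke = make_caretaker(log)
    carol_cap = bob_cap                      # Bob delegates onward (same proxy facet)

    before = [bob_cap.append("bob"), carol_cap.append("carol")]

    alice_revoke()                           # Alice invokes the revoke facet

    failures = 0
    for cap in (bob_cap, carol_cap):
        try:
            cap.append("after revoke")
        except Revoked:
            failures += 1

    alice_after = log.append("alice still works")   # direct cap is unaffected
    return {
        "before": before,
        "failures": failures,
        "alice_after": alice_after,
        "lines": list(log.lines),
    }
```

Caveats: Python does not make references unforgeable (Bob could dig the target out of `__getattr__`'s closure), so this only models the discipline of a real object-capability system. Revocation is per caretaker: to cut off Bob but not Carol, Alice must hand each of them their own caretaker rather than letting Bob re-delegate one facet. And revoking the proxy does nothing about data Bob already read through it.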

Boebert

Bell-LaPadula setting: each datum carries a classification level, each agent a clearance. An agent may read data at or below its clearance (read down) and write data at or above it (write up, never down). Boebert's argument, which the paper answers: in a plain capability system a high-clearance agent can read down a capability stored in low data and then use it to write down, so caps supposedly cannot enforce the *-property.

History

Lampson's access matrix: rows are subjects, columns are objects, each cell holds the permissions that subject has on that object.

Usual slogan: capability lists are the rows (one per subject), ACLs are the columns (one per object). But the equivalence is only superficial.

The matrix is taken to be the whole permission system, but it is a static snapshot: it says nothing about how cells get filled or changed (who may grant, delegate, or revoke), and that is where ACLs and caps actually differ.