"Jeroen C. van Gelderen" <[EMAIL PROTECTED]> wrote: > > There is no way around asking the user because he is the ultimate > authority when it comes to making trust decisions. (Side-stepping the > issues in a (corporate) environment where the owner of the machine is > entitled to restrict its users in any way he sees fit. The point is > that the software agent cannot make trust decisions.)

... but you don't always have to *ask* the user, if instead you can infer
from actions that the user already performs.

I used to think that a capability desktop would be severely hobbled by the
requirement that the user state a plethora of privilege rules, until I saw
Marc Stiegler's CapDesk demo at the second O'Reilly Emerging Technologies
conference. In that demo, a perfectly familiar desktop with "File -> Open"
and "File -> Save As" dialogs also serves as a Least-Privilege-enforcing
access control system which protects even a naive and lazy user from a
malicious text editor.

See also Ping Yee's research in secure Human Interface.

Regards,

Zooko O'Whielacronx

http://zooko.com/log.html
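
Added example, not part of the original message and not CapDesk code: a small Python model of the idea described above, where the "File -> Open" and "File -> Save As" dialogs are the only source of file authority for an untrusted editor. The names FileCap, Powerbox, text_editor and demo, and the sample files, are hypothetical and constructed for illustration.

```python
# Added illustration of the powerbox pattern; all names are hypothetical.
# Python cannot enforce capability discipline (objects can be introspected),
# so this models how authority flows, not a real sandbox.
class FileCap:
    """Authority over exactly one file; write access only if granted."""
    def __init__(self, store, name, writable):
        self.name, self._store, self._writable = name, store, writable

    def read(self):
        return self._store[self.name]

    def write(self, data):
        if not self._writable:
            raise PermissionError(f"{self.name}: read-only capability")
        self._store[self.name] = data

class Powerbox:
    """Trusted desktop component that owns the file store and the dialogs."""
    def __init__(self, store, user_picks):
        self._store, self._user_picks = store, user_picks  # user_picks: the user's click
        self.grants = []               # record of every capability handed out

    def open_dialog(self):             # "File -> Open"
        return self._grant(writable=False)

    def save_as_dialog(self):          # "File -> Save As"
        return self._grant(writable=True)

    def _grant(self, writable):
        name = self._user_picks()
        if name is None:               # user cancelled: no authority is granted
            return None
        self.grants.append((name, "rw" if writable else "r"))
        return FileCap(self._store, name, writable)

def text_editor(powerbox):
    """Untrusted application: it is handed the dialogs, never the file store."""
    src = powerbox.open_dialog()
    dst = powerbox.save_as_dialog()
    if src is None or dst is None:
        return False
    dst.write(src.read().upper())
    return True

def demo():
    store = {"notes.txt": "hello", "id_rsa": "SECRET"}  # constructed sample files
    picks = iter(["notes.txt", "notes-copy.txt"])        # constructed user choices
    box = Powerbox(store, lambda: next(picks))
    return text_editor(box), store, box.grants
```

The user never states a privilege rule: the grants list is produced entirely by the two ordinary dialog choices, and the editor ends up holding authority over those two files only.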