As for documentation about CAPs in the Linden world... :-) there is
none, zip, nada. Even that simple question that Dirk asked on the sldev
list about inventory CAPs has been unanswered for 3 days.
This has been a guessing game, first by whoever did that part and then
by me as I started looking into teleports. All I know is that we can use
those client capabilities in a non-trivial manner to produce a more
secure system than what we have now. Specifically we can prevent regions
from teleporting users, which they could do maliciously, simply by not
giving them a seed cap.
Diva Canto wrote:
I strongly recommend reading that paper I sent the reference to.
The cool thing about CAPs on the web (and the reason why I'm excited
about it, after knowing _of_ CAPs for 20 years and never really
getting them) is that CAPs are URLs that can come and go dynamically.
Most of the CAPs literature is within the field of operating systems,
which is slightly different. Think of CAPs here as URLs that are
dynamically created and revoked. If the URL is not there, you can't
access the service even if you know about the URL.
So yes, region A can get a one-time CAP for an item, and instead of
using it, it passes it to region B. You have the same problem with
Tokens: region A gets the authorized token, but instead of using it,
passes it to region B. This is, as you say, a matter of certifying the
receiver, which is a separate matter.
It would be nice to have some security experts in this discussion...
On my end I'm really excited with this idea of URLs that come and go
in shared-secret URLs instead of fixed URLs+authentication+authorization.
Tommi Laukkanen wrote:
Hello
After reading a bit of that article and wikipedia about capabilities
based security it looks to me that the capability model requires
quite severe assumptions about environment they are used in. If I
understand the system correctly the capability framework has to be in
control of the client process capability list to stop it from forging
capabilities or altering them. This would work inside one operating
system but not in the internet? Even if there is somekind of
encryption scheme to avoid forgery the capabilities can be passed
around by internet client programs if they are not controlled
somehow. Thus if you give capability A to Alice, she can pass it to
Bob. I guess you can still work around this by signing the capability
to Alice. In the end this becomes quite complex way of writing a
certificate for Alice to do thing 1,2,3 to object X. If you consider
using this in any real system you end up with huge amount of these
capabilities (combination of subject, abilities and resource) which
you need to process.
Is there a document on SL capabilities so I could knock some
knowledge in my head?
regards,
Tommi
------------------------------------------------------------------------
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev
------------------------------------------------------------------------
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev