[Opensim-dev] Authentication and oAuth

Tommi Laukkanen tommi.s.e.laukkanen at gmail.com
Sun Mar 1 20:11:53 UTC 2009


Hello

After reading a bit of that article and Wikipedia about capability-based
security, it looks to me that the capability model requires quite severe
assumptions about the environment they are used in. If I understand the system
correctly, the capability framework has to be in control of the client
process's capability list to stop it from forging capabilities or altering
them. This would work inside one operating system but not on the Internet?
Even if there is some kind of encryption scheme to avoid forgery, the
capabilities can be passed around by Internet client programs if they are
not controlled somehow. Thus if you give capability A to Alice, she can pass
it to Bob. I guess you can still work around this by signing the capability
to Alice. In the end this becomes quite a complex way of writing a certificate
for Alice to do things 1, 2, 3 to object X. If you consider using this in any
real system, you end up with a huge number of these capabilities (combination
of subject, abilities and resource) which you need to process.

Is there a document on SL capabilities so I could knock some knowledge into my
head?

regards,
Tommi
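
The two cases raised in this message, as an added illustration that is not part of the original post and is not OpenSim or Second Life code: a bearer capability that works for whoever holds it, and one bound to a subject that the server authenticates separately. The HMAC token format, the key and all function names are assumptions made for the sketch.

```python
from __future__ import annotations

import hashlib
import hmac
import json

# Constructed demo key; a real issuer keeps a random secret server-side.
ISSUER_KEY = b"constructed-demo-key-not-for-production"


def _mac(payload: bytes) -> str:
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()


def issue(resource: str, rights: list[str], subject: str | None = None) -> str:
    """Mint a capability; subject=None yields a bearer capability."""
    body = json.dumps(
        {"res": resource, "rights": sorted(rights), "sub": subject},
        sort_keys=True, separators=(",", ":"),
    )
    return body + "." + _mac(body.encode())


def check(token: str, resource: str, right: str, presenter: str) -> bool:
    """presenter is the identity the server authenticated by other means."""
    body, _, tag = token.rpartition(".")
    if not hmac.compare_digest(tag, _mac(body.encode())):
        return False  # forged or altered: the client never had the key
    cap = json.loads(body)
    if cap["res"] != resource or right not in cap["rights"]:
        return False
    # A bearer capability is valid for any holder; a bound one is not.
    return cap["sub"] is None or cap["sub"] == presenter


def tamper(token: str) -> str:
    """Simulate a client rewriting its own rights list without the key."""
    body, _, tag = token.rpartition(".")
    return body.replace('"read"', '"write"') + "." + tag


if __name__ == "__main__":
    bearer = issue("object-X", ["read"])
    bound = issue("object-X", ["read"], subject="alice")
    print("bearer, presented by bob:", check(bearer, "object-X", "read", "bob"))
    print("bound to alice, presented by bob:", check(bound, "object-X", "read", "bob"))
    print("altered by client:", check(tamper(bound), "object-X", "write", "alice"))
```

The MAC makes the token unforgeable without the server controlling the client's capability list; stopping Alice from handing it to Bob additionally requires the server to authenticate the presenter.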