- From: Christopher Lemmer Webber <cwebber@dustycloud.org>
- Date: Wed, 20 Dec 2017 17:46:02 -0600
- To: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Cc: public-credentials@w3.org, Mark Miller <erights@gmail.com>
Hi David! Sorry for my delay in response, I've been behind on email. David Chadwick writes: > Hi Chris > > thanks for distributing the draft. I have a few comments on this as follows > > 1. Do the chains of capabilities form a tree or a directed graph of > capabilities. If directed graphs of capabilities how are these dealt > with e.g. one of my keys is a granted key in two different proclamations > from two different creators. I then create a proclamation with my key to > one of your keys, and I set the parent proclamation to be a list of the > two parents (there is nothing in JSON to stop this). What if one of the > parents subsequently revokes their proclamation but the other parent > does not. What capabilities is your key left with? It's a linked list that does not branch into a tree, since you only link upward to one parent capability document at a time. > 2. Say I want to give my class of 100 students access to my research > lab. Using the scheme as outlined in your draft, I would presumably have > to issue 100 proclamations with a subject of MyLab, and know the keys of > all my students. In my prior research using RBAC and X.509 ACs, I would > instead (using your language) create a single proclamation where the > authority to access MyLab was not granted to a key, but rather to a role > (e.g. MyStudent role). Any person who can then present two capabilities, > namely one for access to MyLab, and the other containing the MyStudent > role, would be granted access to my lab. I leave the issuing of > MyStudent role capabilities to my administration, as they know which > students enrol for my course and which dont. Other capability creators > can similarly give rights to MyStudents by issuing single capabilities. > I believe this is a far more powerful and flexible model than simply > issuing capabilities to keys. (In the same way that RBAC is superior to > ACLs.) You may want to look at the Zebra Copy article, and what they did in working with HP: http://www.hpl.hp.com/techreports/2007/HPL-2007-105.pdf (just the first 17 pages) Anyway, yes, an organization can hand out capabilities to students rather than you handing them out. That's delegation and supported by the existing model, even when linking to a specific key. So you can give a capability to the administration, and the administration can delegate to the specific users. The administration can also put a caveat in the capability they hand out to users permitting them to revoke it at a later time, for example if the user leaves the course. Does that make sense? - Chris
Received on Wednesday, 20 December 2017 23:47:32 UTC