On Mon, Sep 12, 2022 at 10:46 AM David Chadwick <david.chadwick@crosswordcybersecurity.com> wrote:
>
> On 12/09/2022 18:15, Alan Karp wrote:
>
> In the classic confused deputy described by Norm Hardy, there are two
> arguments in the call. One should use the permissions of the user; the
> other, the permissions of the deputy.
>
> Did this precede the ABAC/PEP/PDP model by any chance?
>
Norm's paper <https://dl.acm.org/doi/pdf/10.1145/54289.871709> was
published in 1988. However, my paper
<https://www.researchgate.net/publication/221548753_Solving_the_Transitive_Access_Problem_for_the_Services_Oriented_Architecture>
shows how you get a confused deputy even in that model.
--------------
Alan Karp