At 11:31 PM 5/24/96 -0400, E. ALLEN SMITH wrote:

From: IN%"frantz@netcom.com" 24-MAY-1996 21:22:44.97

...

We can use certificates (ref: SPKI) to implement network capabilities. These certificates make statements of the form: The holder of the secret key which corresponds to this public key is permitted these specific forms of access to this specific resource on this location (e.g. a URL). These certificates can act like capabilities. They can be passed by creating a new certificate for the receiver which gives it the privileges implied by the old certificate. They can be rescinded in any of a number of ways.

I suppose that the new certificate is created through a message signed by the old certificate's private key?

Sounds like a good way to me. When you want to pass a capability, you can either get a completely new certificate from the resource's system, or generate a (possibly temporary) transfer certificate that accompanies a copy of your certificate. Bill ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA