Password Capability Model

A password-capability system is one in which "knowledge is power" - in which knowledge of (hopefully) unguessable bits is adequate to demonstrate that one holds a given capability, and that therefore one may exercise whatever right that capability authorizes. Password capabilities are also known as "sparse capabilities".

Note: This refers to the practice of using long, pseudo-randomly generated MagicCookies as machine-to-machine authentication tokens; not to the familiar practice of having to type in your dog's name to log into your workstation. Human-entered passwords (whether picked by humans or generated by machines) have lots of additional issues.

Cryptographic capability protocols, by themselves, can never be more than password capability systems, as the starting point for all cryptographic security is use of unguessable secret keys. We say that password capability systems use unguessability to approximate unforgeability.

Password-capability systems include

Some systems, such as EeLanguage, use password capabilities as part of the DistributedObjectCapabilityModel.

Online cryptographic capability protocols include

Offline cryptographic capability certificate systems include


CategorySecurity CategorySecurityModel CapabilitySecurityModel


Last edited September 22, 2004.