Docs and a bit of cleanup. In particular ALL makes no sense for revocations because they have IDs. In that case you would just revoke the COM.

author: Adam Ierymenko <adam.ierymenko@gmail.com> 2017-03-13 06:53:23 -0700
committer: Adam Ierymenko <adam.ierymenko@gmail.com> 2017-03-13 06:53:23 -0700
commit: 010d0a7d569e3aab5261c68e4530e82171b2e311 (patch)
tree: 689afc2608a4b4f194a6629381340d21c915676a /node/Capability.hpp
parent: 902807ea50e9346b23d1d3d259fafdd6c03c34ba (diff)
download: infinitytier-010d0a7d569e3aab5261c68e4530e82171b2e311.tar.gz
infinitytier-010d0a7d569e3aab5261c68e4530e82171b2e311.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/node/Capability.hpp b/node/Capability.hpp
index 1ad6ea42..d070f2ad 100644
--- a/node/Capability.hpp
+++ b/node/Capability.hpp
@@ -52,6 +52,11 @@ class RuntimeEnvironment;
  *
  * Note that this is after evaluation of network scope rules and only if
  * network scope rules do not deliver an explicit match.
+ *
+ * Capabilities support a chain of custody. This is currently unused but
+ * in the future would allow the publication of capabilities that can be
+ * handed off between nodes. Limited transferrability of capabilities is
+ * a feature of true capability based security.
  */
 class Capability
 {
author	Adam Ierymenko <adam.ierymenko@gmail.com>	2017-03-13 06:53:23 -0700
committer	Adam Ierymenko <adam.ierymenko@gmail.com>	2017-03-13 06:53:23 -0700
commit	010d0a7d569e3aab5261c68e4530e82171b2e311 (patch)
tree	689afc2608a4b4f194a6629381340d21c915676a /node/Capability.hpp
parent	902807ea50e9346b23d1d3d259fafdd6c03c34ba (diff)
download	infinitytier-010d0a7d569e3aab5261c68e4530e82171b2e311.tar.gz infinitytier-010d0a7d569e3aab5261c68e4530e82171b2e311.zip