[cap-talk] ... enforcement - ambient authority - definition
marc.d.stiegler at hp.com
Thu Sep 30 13:19:57 EDT 2004
> MarkM's first presentation on the ideas behind E and CapDesk
> to the HP security people engendered the comment "Windows
> does support POLA". It took us a few seconds to realize what
> the speaker meant. MarcS got it first and pointed out that
> the statement was true, but only at the level of the user.
> Since that time, we've been saying that such systems support
> "POLA at user granularity". Throw in ambient authorities and
> you can talk about "user granularity ambient authorities."
> It's a mouthful, but it captures the key elements.
Just for clarification, in the meeting I granted the hypothesis that Windows does POLA at the user level based on ignorance. That was a useful stance to take in the meeting, when trying to make more fundamental points (like, it's not the user that is the danger on the typical desktop--the user is the owner, for heaven's sake). However, I have since spent a year digging in the heart of WinXP security, and it's just not true. Windows doesn't do POLA at any level of granularity :-)