[cap-talk] Process object -> "Subject" - the saga continues
Jed at Webstart
donnelley1 at webstart.com
Wed Apr 6 19:06:05 EDT 2005
I haven't given up on this subject, though I think perhaps all the
relevant information is before us and this may come down mostly
to a matter of taste. Let me try one more time to reflect on what
we know from my perspective.
Firstly with regard to:
At 09:11 AM 3/26/2005, Bill Tulloh wrote:
> >2. In the programming language community, the term "object" encompasses
> >things that have methods, and therefore engage in computation.
At 09:11 AM 3/26/2005, Bill Tulloh wrote:
>With my sincerest apologies to Jed ("that term really grates for me"), I
>finally settled on object. This is largely because of Shap's point 2
>above; object as used in the programming language community has the right
>connotations, and that community is large and well-established.
There's no doubt that the "object" term encompasses things that have
methods and therefore engage in computation. However, it's the very
generality of the "object" term that so grates for me. Is there anything
that the "object" term doesn't encompass (in a computational sense)?
As I say, from my viewpoint one may as well say something like
"thing" when trying to make clear that one is referring to an
active computational entity that may try to exercise authorities:
Thing Alice sent a file capability to thing Bob and thing Bob
Object Alice sent a file capability to object Bob and object Bob
They sound the same to me. However, when I hear:
Subject Alice sent a file capability to subject Bob and subject Bob
I at least get a bit more specificity. Then when it comes to more
nuanced discussions like:
When communicating a capability should the object have the right
to specify "do-not-delegate"? vs.
When communicating a capability should the subject have the right
to specify "do-not-delegate"?
I believe clarity is on the side of the more specific term, "subject".
The "object" term to me can be confused with the resource that
the capability provides authority (permission?) to access.
Next let me take up:
>1. Unfortunately, the term "subject" was used incorrectly in some of the
>very early literature to mean "principal". Whether this is correct or
>not is a matter of definition in any given paper, but it is a common
>misunderstanding of the term even in expert discussions.
I would like to get some references on this. Are you referring to literature
that is from the "process" time period? We chose to ignore/overwrite
that "process" term with a new and more ambiguous "object" term,
why not reclaim a more specific term like "subject" from any association
with a "principle"? When you say "principle" above I assume you are
referring to a person vs. some sort of computational "principle"? A
computational "principle" would I think be the subject sort of object
that we are discussing. I would like to understand more about this
conflicting use of the "subject" term before I (at least) give up what at
least in the sense of the English language is the appropriate term for
some "thing" that acts on an object - a "subject".
Also let me ask about:
> >3. In access control modeling, it proves that there is absolutely no
> >difference for formal analysis purposes between subjects and objects.
I guess I again need a reference and perhaps some clarification. If
by the above you (Shap) mean that all subjects are objects - well
of course I accept that. That's exactly the problem. The "object"
term is so general that it has no meaning when used to convey
the actor that does the work in a computational transaction, specifically
as distinguished from the actual "object"s of their work. However,
if you mean something stronger than that as seems to be implied
by your "absolutely no difference ... between subjects and objects"
then I would like to hear more about it. Do you mean that all
objects are also subjects? For example a "file" object is also a
subject? If so in what sense?
Finally regarding Charlie Landau's original:
>As Mark said, "The access control literature ... refers to the entity that
>may possess and exercise such a right as a 'subject'."
>Jed, you're looking for a term for the actor only, and the term is
Do I understand that Charlie feels the above statements to have been in error?
More information about the cap-talk