[cap-talk] SCOLL : A Language for Safe Capability BasedCollaboration

Karp, Alan H alan.karp at hp.com
Wed Jul 20 13:32:41 EDT 2005


MarkM wrote:
>                 I have no idea what people think they mean 
> when they say 
> "mandatory".
>
I have a working definition that I believe is consistent with the way
the word is used in DoD publications.  The distinction between mandatory
and discretionary, to my mind, is whether or not policy enforcement is
local to the object responding to the request.  "Mandatory" means that
there's some external control.

Say that Alice has a reference to Bob and makes a request.
"Discretionary" is when Bob decides whether or not to honor the request.
"Mandatory" is when some third party decides.  The latter was done with
"negative permissions" in Client Utility, but it can also be done with a
caretaker pattern with object capabilities.  (I know.  Alice doesn't
really have a reference to Bob in that case.  However, she thinks she
does, and that's what matters here.)

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20050720/7505e3ff/KarpAlanH.vcf


More information about the cap-talk mailing list