[cap-talk] SCOLL : A Language for Safe Capability
Karp, Alan H
alan.karp at hp.com
Wed Jul 20 13:32:41 EDT 2005
> I have no idea what people think they mean
> when they say
I have a working definition that I believe is consistent with the way
the word is used in DoD publications. The distinction between mandatory
and discretionary, to my mind, is whether or not policy enforcement is
local to the object responding to the request. "Mandatory" means that
there's some external control.
Say that Alice has a reference to Bob and makes a request.
"Discretionary" is when Bob decides whether or not to honor the request.
"Mandatory" is when some third party decides. The latter was done with
"negative permissions" in Client Utility, but it can also be done with a
caretaker pattern with object capabilities. (I know. Alice doesn't
really have a reference to Bob in that case. However, she thinks she
does, and that's what matters here.)
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20050720/7505e3ff/KarpAlanH.vcf
More information about the cap-talk