[cap-talk] SCOLL: A Language for Safe Capability Based Collaboration
Fred Spiessens
fsp at info.ucl.ac.be
Wed Jul 20 17:15:01 EDT 2005
On 20 Jul 2005, at 19:32, Karp, Alan H wrote:
> MarkM wrote:
>> I have no idea what people think they mean when they say "mandatory".
>>
> I have a working definition that I believe is consistent with the way
> the word is used in DoD publications. The distinction between mandatory
> and discretionary, to my mind, is whether or not policy enforcement is
> local to the object responding to the request. "Mandatory" means that
> there's some external control.
That is how I have seen it used too. Therefore, in my opinion,
discretionary was good: it puts the power to propagate authority
*completely* in the (local) behavior. It only *looks* weak to people
that jump to the false conclusion that you then automatically have to
rely on the behavior of every subject, which is not necessarily true:
with object capabilities for instance, authority propagation is
controlled by the behavior of *both* collaborating parties. Either of
them can thus individually *prevent* propagation of authority, and only
together can they *enable* propagation. This makes it possible to have
safe collaboration with a non-relied-upon party: you just rely on the
other party.
This does not mean of course that every discretionary policy would be
capability based, or even effective. ACLs, however, would not be
discretionary in this view.
I have also seen the term "mandatory" being used to *specify* the
global confinement properties, whereas in the same paper, the
behavior-based *enforcement* of that policy was called "discretionary".
Anyway, this only confirms that the terms "discretional" and
"mandatory" are not consistently used and therefore confusing, and we
will follow Mark's advice, and no longer use them in our papers. It's a
pity though, because a term that indicates that authority propagation
is "decided by behavior only" would certainly be useful. Any
suggestions?
Fred.
-----------------
Fred Spiessens
Researcher Software Security
Université catholique de Louvain
Louvain-la-Neuve
Belgium
fsp at info.ucl.ac.be
http://www.info.ucl.ac.be/people/fsp/fred.html
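The claim in the message above, that under object capabilities authority propagates only when *both* the sender passes a reference and the receiver retains it, can be checked with a small simulation. This is an added example, not code from the original post or from SCOLL; the subjects (Alice, Bob), the Secret object and the two behaviour switches are constructed for illustration.

```python
# Added illustration (not from the cap-talk post): a minimal object-capability
# model in which the only way Bob can obtain authority over the Secret is for
# Alice to invoke Bob with the reference and for Bob to keep what he is given.
# All names and the sample secret value are constructed for this example.

class Secret:
    """Sensitive object: holding a reference to it *is* the authority."""
    def __init__(self, value):
        self._value = value

    def read(self):
        return self._value


class Receiver:
    """Bob: a subject whose behaviour decides whether received refs are kept."""
    def __init__(self, keeps_refs):
        self.keeps_refs = keeps_refs   # behaviour: store references it is handed?
        self.held = []                 # capabilities this subject currently holds

    def accept(self, ref):
        if self.keeps_refs:
            self.held.append(ref)      # authority propagates to Bob
        # otherwise the reference is dropped and nothing propagates


class Sender:
    """Alice: a subject holding a reference, whose behaviour decides if it is shared."""
    def __init__(self, ref, shares_refs):
        self.ref = ref
        self.shares_refs = shares_refs  # behaviour: willing to pass the ref on?

    def collaborate(self, other):
        if self.shares_refs:
            other.accept(self.ref)     # the only channel: invoking `other` with it


def propagated(sender_shares, receiver_keeps):
    """True if Bob ends up able to read the secret under the given behaviours."""
    secret = Secret("constructed sample secret")
    alice = Sender(secret, shares_refs=sender_shares)
    bob = Receiver(keeps_refs=receiver_keeps)
    alice.collaborate(bob)
    return any(r.read() == "constructed sample secret" for r in bob.held)


def propagation_table():
    """All four behaviour combinations: only mutual cooperation propagates."""
    return {(s, k): propagated(s, k) for s in (True, False) for k in (True, False)}
```

Either party setting its switch to False is enough to prevent propagation, which is the "you just rely on the other party" point made above.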