[cap-talk] "Discretionary" vs. "mandatory" access control

Ka-Ping Yee cap-talk at zesty.ca
Wed Jul 20 17:23:22 EDT 2005


On Wed, 20 Jul 2005, Fred Spiessens wrote:
> Anyway, this only confirms that the terms "discretional" and
> "mandatory" are not consistently used and therefore confusing, and we
> will follow Mark's advice, and no longer use them in our papers. It's a
> pity though, because a term that indicates that authority propagation
> is "decided by behavior only" would certainly be useful.  Any
> suggestions?

If you mean to define "discretionary" as "decided only by behaviour of
the non-human authority holder", which is what i think is meant when
people talk about "mandatory" and "discretionary" access control in
ACL systems, then capability systems are not discretionary either.

The ability to transfer a capability is NOT decided only by the authority
holder, because the authority holder can be confined.

On the other hand, if "authority holder" includes unconfinable subjects
such as humans, then all access control is discretionary.


-- ?!ng

