[cap-talk] "Who" seen as thorny (was: Defense of Identities, etc.)
Jonathan S. Shapiro
shap at eros-os.com
Mon Dec 11 13:34:38 CST 2006
On Mon, 2006-12-11 at 20:03 +0100, Valerio Bellizzomi wrote:
> There is a lot of terminology proliferation, so far I've seen "process
> ids", "subject ids", and "principal ids". Could we try to use a single
> term to avoid confusion, or define each one precisely?

In the classic literature:

  a principal id is associated with a (human) user. I.e. it is
  something that is authenticated at the establishment
  of the login session.

  a subject id uniquely denotes a process

The problem is that this model assumed pure process isolation, and
people later introduced multithreading and shared memory into the model.
For our purposes we must assume that two processes with shared mutable
storage should be treated as a single subject.

One process running read-only code provided by a second is very sticky
to get a handle on, and isn't really a case contemplated by the
classical terminology.