[cap-talk] A better reference for the "capabilities propagate too easily" argument

Karp, Alan H alan.karp at hp.com
Thu Aug 2 01:02:59 EDT 2007


MarkM wrote:
> 
> I accept that this definition is meaningful and internally consistent.
> However, it differs so completely from historical usage as to be worse
> than useless. For example, by this definition, even a simple ACL
> system implements mandatory security: If Alice creates file F, she
> owns file F. If Alice does not put Bob on F's ACL, then from Bob's
> point of view, his inability to access the file is mandatory. Try
> telling any security person not on cap-talk that even conventional
> ACLs implement mandatory security! (On second thought, please don't
> try this.)
>
That's why my definition refers to "neither party in the rights
transfer".  That would make it mandatory for both Alice and Bob in your
example.
 
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
  


