[cap-talk] Access Control for Beagles (was: Declaring a victory)
Cat Okita
cat at reptiles.org
Sun Aug 12 23:51:05 EDT 2007
On Sun, 12 Aug 2007, Mark Miller wrote:
>> Sometimes we say that X relies on all of the code that X invokes.
>
> We are not saying this. Imagine that Y is a beagle breeder. Y's code
> is a beagle that X buys. If X's beagle bites Z, Z will sue X. If X
> doesn't know how aggressive this cute little beagle might be, it is
> X's responsibility to use POLA (fences, leashes, etc) to keep his
> beagle from biting Z.

I've gotten utterly lost somewhere in here... is this about a reasonable
summary?

  Xavier buys a beagle from Yngvar.
  Xavier's beagle bites Zachary.
  Zachary sues Xavier because of how the beagle behaves.

  [ separately ]

  Xavier should have controlled the beagle somehow, because Xavier
  had no idea how the beagle might behave (up to and including
  biting Zachary), and is responsible for anything the beagle does?

> Historically, we've had only identity-based systems in which entities
> could be held responsible, or authorization-based systems, in which
> entities could act responsibly.
> Horton allows Z to hold X responsible by use of coarse-grain
> identity-based controls.
> Horton does not interfere with X's use of fine-grained authorizations
> in order to act responsibly.

... so would that be:

  Horton allows Zachary to sue Xavier, because Xavier owns the beagle.

  -but-

  Horton also allows Xavier to control his beagle as Xavier sees fit.

> That's the logging aspect. The other aspect is to enforce policy based
> on such records, such as Z no longer inviting X into his house after
> being bitten.

So... the sequence of events would be:

  Xavier buys a beagle from Yngvar.
  Zachary invites Xavier and the beagle to his house.
  Xavier's beagle bites Zachary.

  [ subsequently ]

  Because Xavier's beagle bit Zachary, Zachary no longer invites Xavier
  to his house... (and by extension Xavier's beagle is also no longer
  invited)

... or have I completely missed the boat (or had my brain devoured
by the beagle ;> (and in this case, would there be any responsibility
accruing to Yngvar, since Yngvar was the source of the misbehaving beagle?))

cheers!
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet. This is the defining metaphor of my life right now."