[cap-talk] A Plea for a Topic Change
Bill Frantz
frantz at pwpconsult.com
Wed Feb 21 02:33:28 CST 2007
markm at cs.jhu.edu (Mark S. Miller) on Sunday, February 18, 2007 wrote:
>Fred's thesis in particular has made our field much richer and deeper. After
>we discuss and appreciate the issues Fred raises, we will also have a much
>richer context for revisiting these terminology issues. I propose that we all
>take a break this week from further terminology discussion and instead read
>Chapters 1 & 2 of Fred's thesis. Starting the week of 2/25, I'll have the time
>to start discussing it. As a background part of this discussion, we can try on
>our various terminology proposals and see how well they fit.
Having read most of Fred's thesis, I agree with MarkM that it makes our
field much richer and deeper. It makes it clear that only reasoning
about permissions does not allow one to reason about the security of a
system; that instead, one must reason about authority. It then goes on
to develop a language for reasoning about authority, and the language
allows a model of authority to be refined one piece at a time, without
having to re-do the entire model for each successive refinement.
All in all, a very nice piece of work.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"We used to quip that "password" is the most common
408-356-8506 | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security?" -- Bruce Schneier