[cap-talk] What's "Discretionary Security" (was: Another "core" principle, capability communication)
Karp, Alan H
alan.karp at hp.com
Mon Jan 1 20:00:01 CST 2007
MarkM wrote:
>
> > Let's start with a plain conventional Unix ACL-ish example.
> I create a file
> > foo.txt. I choose not to give you write permission on this
> file. Are we
> > interacting using mandatory or discretionary security?
>
> how would you describe it using these terms?
>
Discretionary, but the example is flawed. How can you choose to give a
subject write permission in a Unix system? In a Unix-like system where
you can, it's non-discretionary if you want to grant write permission,
but the grantee doesn't get it.
Also, VOC is non-discretionary.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list