[cap-talk] What's "Discretionary Security" (was: Another "core" principle, capability communication)
Jed Donnelley
capability at webstart.com
Tue Jan 2 01:49:05 CST 2007
At 09:15 PM 1/1/2007, Karp, Alan H wrote:
>MarkM wrote:
> > >
> > > Also, VOC is non-discretionary.
> >
> > Do you claim these answers are consistent with Shap's stated
> > definitions for
> > these terms? If instead, as I suspect, you have a different
> > meaning in mind,
> > could you state your proposed meaning for these terms?
> >
>The distinction I make depends on three parties. Alice makes a request
>of Bob. If Bob decides whether or not to honor the request, I call it
>discretionary. If the request is blocked from reaching Bob, or the
>reply from Bob is blocked from reaching Alice, then the access is
>non-discretionary. The blocking must be done by some third party, which
>could be the TCB, but could be some entity that doesn't have access to
>the requested resource. VOC must be non-discretionary according to this
>definition.

How does the above do anything but add another element to the
managing of the access control? It can of course be any sort of
collaboration that sets up the conditions that permit or block
an operation. Those participants are acting discretionarily.
It is the action of the subject that's blocked (or not enabled)
that is non-discretionary.

I despair of any resolution, but I'll soldier on a bit with the
above example/terminology. You seem to suggest in the above that
controls over communication qualify as mandatory. Some subject
had to set up the communication controls (e.g. established the
MLS labels, set up firewalls, not supplied capabilities, whatever
you imagine communication blocking to be). For that subject
(or those subjects) this control is discretionary. It could be
set up that way or not. It is for those trying to exercise a
permission that they don't have that the control is "mandatory."

I have yet to hear of any definition of the discretionary vs.
mandatory terminology that makes sense to me - despite repeated
efforts in this thread and of course many, many, many years
of reading papers and documents on this topic.
--Jed http://www.webstart.com/jed-signature.html