[cap-talk] What's "Discretionary Security" (was: Another "core" principle, capability communication)
Karp, Alan H
alan.karp at hp.com
Tue Jan 2 10:47:39 CST 2007
Jed wrote:
>
> I despair of any resolution, but I'll soldier on a bit with the
> above example/terminology. You seem to suggest in the above that
> controls over communication qualify as mandatory. Some subject
> had to set up the communication controls (e.g. established the
> MLS labels, set up firewalls, not supplied capabilities, whatever
> you imagine communication blocking to be). For that subject
> (or those subjects) this control is discretionary. It could be
> set up that way or not. It is for those trying to exercise a
> permission that they don't have that the control is "mandatory."
>
The difference is that the controlling party may not have access to the
resource, which means that it may not be able to grant access. It can
only allow the message to reach the service, which can then allow or
deny access at its discretion. So, allowing the message to go through
is at the discretion of the controlling party, but the access to the
resource is not.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list