[cap-talk] What's "Discretionary Security" (was: Another "core" principle, capability communication)
Mark S. Miller
markm at cs.jhu.edu
Tue Jan 2 10:50:47 CST 2007
Jonathan S. Shapiro wrote:
> [..], and this makes it hard to compare discretionary vs.
> mandatory policies.

Leaving aside Alan's proposed definitions for now. With your proposed
definitions, does "discretionary policy" or "mandatory policy" mean anything?
Is it possible to compare these?

If I understood your previous posts, any policy in which some subject might
choose to prevent some other subject from doing something, i.e., any policy
which can in any sense be said to be security-relevant, is simultaneously
discretionary and mandatory. (Or discretionary and non-discretionary if you
prefer.) This makes the unqualified noun phrases above meaningless by
themselves, and makes comparing them impossible.

Normal description: Joe walks into a store and decides not to buy a stick of gum.

Security guru description: Joe's discretionary policy is to not give the clerk
his money. This imposes a mandatory policy of the clerk that he doesn't have
Joe's money.

What does the second description clarify?

--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM