[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")

Ka-Ping Yee cap-talk at zesty.ca
Wed Jan 3 15:05:17 CST 2007


On Wed, 3 Jan 2007, Jonathan S. Shapiro wrote:
> On Wed, 2007-01-03 at 10:02 -0800, Jed Donnelley wrote:
>
> > Let me just feed a bit off what's now on the "discretionary access
> > control" page:
> >
> > http://en.wikipedia.org/wiki/Discretionary_access_control
> >
> > Namely where it says, "A system is said to provide discretionary
> > access control if the owner of an object has the ability to control
> > how others can access it.
>
> This definition is flatly wrong. Discretionary control isn't about what
> the owner of an object can do. It's about what a process can do. The
> definition above would lead to the conclusion that capability systems
> cannot be discretionary because they have no notion of owner. This
> conclusion is clearly inconsistent with the literature.

I wasn't aware that the classification of capability systems as
discretionary ought to be considered a valid classification.  I
thought a big source of the confusion in the whole debate was
precisely this -- that it doesn't make sense to label capability
systems as discretionary or mandatory, because this distinction
argues from a perspective (ignorance of the difference between
de facto and de jure access) that capability approaches see as
inherently flawed.

How would you write the definition?

(Given your objection to this text, I should also notify you of
the similar text I placed on the page

    http://en.wikipedia.org/wiki/Access_control_lists

which was my attempt to succinctly state the difference between
discretionary and mandatory, but to which you may also object.)


-- ?!ng

