[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")

[Jonathan S. Shapiro]

On Wed, 2007-01-03 at 15:28 -0600, Ka-Ping Yee wrote:
> The current definition is backed up by text from a Rainbow Book --
> which, though it is by no means the only word on the topic, it at
> least provides a basis for stating what some significant group of
> people have used this term to mean.

Yes, I agree that is better than what was there before.

> Clearly you are using these terms as if you know exactly what they
> mean, and if you do, and believe you have a basis for showing that
> your interpretation is a widely accepted usage, then you should
> edit the page to explain it (and/or add explanatory material to the
> associated discussion page).  The discussion we are having here may
> add to our own understanding, but it contributes nothing to Wikipedia.

If I felt sufficiently confident to introduce a generally accepted
definition, I would go ahead and do so. In point of fact, I *don't* know
exactly what the term means (and apparently neither does anybody else).
What I *do* know is that the MLS camp makes specific statements in
reference to capabilities, and since they coined the term and the
universally agree that capability systems are discretionary, I have to
accept that *they* are engaged in consistent usage.

The problem: since I don't have a solid definition to offer, I don't
want to update the page. Your definition is clearly inconsistent with
common usage, however, so it doesn't seem like an improvement.
-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100