[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")
Sandro Magi
smagi at higherlogics.com
Wed Jan 3 16:10:29 CST 2007
Jonathan S. Shapiro wrote:
> On Wed, 2007-01-03 at 10:02 -0800, Jed Donnelley wrote:
>
>> Let me just feed a bit off what's now on the "discretionary access
>> control" page:
>>
>> http://en.wikipedia.org/wiki/Discretionary_access_control
>>
>> Namely where it says, "A system is said to provide discretionary
>> access control if the owner of an object has the ability to control
>> how others can access it.
>>
> This definition is flatly wrong. Discretionary control isn't about what
> the owner of an object can do. It's about what a process can do. The
> definition above would lead to the conclusion that capability systems
> cannot be discretionary because they have no notion of owner.
Or, one could say that in capability systems, ownership of a set of
rights is shared by all those holding equivalent capabilities. Kind of
awkward to think of ownership this way, but it re-establishes the
validity of Ping's statement.
Sandro
More information about the cap-talk
mailing list