[cap-talk] Mandatory Access Control
David Hopwood
david.nospam.hopwood at blueyonder.co.uk
Wed Jan 3 17:50:30 CST 2007
Jed Donnelley wrote:
> Let me just feed a bit off what's now on the "discretionary access
> control" page:
>
> http://en.wikipedia.org/wiki/Discretionary_access_control
>
> Namely where it says, "A system is said to provide discretionary
> access control if the owner of an object has the ability to control
> how others can access it. This is defined in opposition to mandatory
> access control (also known as non-discretionary access control), in
> which the system enforces restrictions on how access policies can be edited."
>
> and explain why this still doesn't make sense to me.
There is a false dichotomy here. In all realistic access control systems
I'm aware of (ACL-based, capability-based, role-based, or whatever), it is
both the case that
"the owner of an object has [some] ability to control how others can
access it,"
and
"the system enforces [some] restrictions on how access policies can be
edited."
So most systems are both "discretionary" and "non-discretionary" by the
above definitions.
Call me a boring prescriptivist, but I tend to think that it is a good idea
for technical terms of the form "non-<adjective> <noun>" to be defined as
"a <noun> that is not <adjective>". This doesn't always help if either
<noun> or <adjective> are not well-defined, but at least it eliminates
one potential cause of self-contradiction.
--
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
More information about the cap-talk
mailing list