[cap-talk] Mandatory Access Control

[David Hopwood]

David Hopwood wrote:
> Jed Donnelley wrote:
> 
>>Let me just feed a bit off what's now on the "discretionary access 
>>control" page:
>>
>>http://en.wikipedia.org/wiki/Discretionary_access_control
>>
>>Namely where it says, "A system is said to provide discretionary 
>>access control if the owner of an object has the ability to control 
>>how others can access it. This is defined in opposition to mandatory 
>>access control (also known as non-discretionary access control), in 
>>which the system enforces restrictions on how access policies can be edited."
>>
>>and explain why this still doesn't make sense to me.
> 
> There is a false dichotomy here. In all realistic access control systems
> I'm aware of (ACL-based, capability-based, role-based, or whatever), it is
> both the case that
> 
>  "the owner of an object has [some] ability to control how others can
>   access it,"

... or similar for the nearest available concept to "owner" (perhaps "creator"),
if the system doesn't have "owners" per se.

> and
> 
>  "the system enforces [some] restrictions on how access policies can be
>   edited."
> 
> So most systems are both "discretionary" and "non-discretionary" by the
> above definitions.
> 
> Call me a boring prescriptivist, but I tend to think that it is a good idea
> for technical terms of the form "non-<adjective> <noun>" to be defined as
> "a <noun> that is not <adjective>". This doesn't always help if either
> <noun> or <adjective> are not well-defined, but at least it eliminates
> one potential cause of self-contradiction.

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>