[cap-talk] Ambient authority, authentication and authorization
Jed Donnelley
capability at webstart.com
Mon Jan 22 15:07:30 CST 2007
At 08:10 AM 1/22/2007, Karp, Alan H wrote:
>Jed wrote:
> >
> > And yet ... it seems to me that this very distinction is at the heart
> > of the "ambient authority" model and much that I view as broken about
> > the dominant implementations of access control.
> >
>While using IBAC (at least in any practical form) necessarily results in
>ambient authorities, ABAC systems can exhibit this flaw as well. That's
>what happened to Client Utility. Due to a mistake on my part, we made
>it easy for people to include large bundles of authority with each
>request. Similarly, certificate based ABAC systems allow including
>large bundles of authorities. Even so, ABAC systems are superior to
>IBAC in terms of distributed identity management and delegation.
I agree. It may not always be a bad idea to provide a bundled
group of permissions in an ABAC system. In fact, as I noted
in my discussion with David Hopwood:
http://www.eros-os.org/pipermail/cap-talk/2007-January/007277.html
'It's true that even with capability based system there
seems to be a need for some sort of "bundled" authorization,
at least at the beginning of a "login" session.'
, providing such a "user" authorization (from which to run
a 'powerbox' for example) makes sense to me.
Such a bundled authorization is a start for further
refinements in an ABAC system vs. being the end of the
line with an IBAC system.
--Jed http://www.webstart.com/jed/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.eros-os.org/pipermail/cap-talk/attachments/20070122/d31557a5/attachment.html
More information about the cap-talk
mailing list