[cap-talk] Ambient authority, authentication and authorization
Jed Donnelley
capability at webstart.com
Mon Jan 22 18:03:04 CST 2007
At 03:26 PM 1/22/2007, you wrote:
>Jed wrote:
> >
> > I agree. It may not always be a bad idea to provide a bundled
> > group of permissions in an ABAC system.
>
>My point was that it is possible to end up with essentially ambient
>authorities even with ABAC. For example, submitting all your
>authorization certificates with each request. That's bad, but not as
>bad as IBAC.
<private message>: I believe I fully understood you. I was just adding
that an initial login is essentially an ABAC mechanism providing access
to an identity (e.g. for further IBAC or ABAC use). In the former case
the login could be used to establish a class of subjects that are
labeled with the identity (IBAC) for access control purposed (e.g. ACLs),
while in the later case the login can be used to grant an initial set
of permissions
, a bundled identity based
authority that, at that level, really is some sort of combination of
ABAC and IBAC. In terms of the implementation it's ABAC (supply
a password or certificate or ...), but it provides access to all the
permissions of an identity (person). I was noting that seems
pretty reasonable to me, it 'just' needs some mechanism to be
extended via POLA to the process level - seemingly via ABAC
since IBAC doesn't appear to work at that level.
I just thought I'd probe to see if I'm missing something as suggested
by your message starting "My point was...".
I believe I understood your point both the first and second times.
Was there something in my message that suggested to you
that I either didn't understand or was disagreeing?
--Jed http://www.webstart.com/jed/
More information about the cap-talk
mailing list