[cap-talk] Architectural Choices for Security: terminology
Karp, Alan H
alan.karp at hp.com
Sun Nov 18 19:11:19 EST 2007
Jed wrote:
>
> In that case I assume the role of the requester is known to
> the server?
>
Correct. That's a source of some of the difficulty of using roles. All
participants must agree on what the roles mean.
>
> Then again I assume the attributes are associated with the requesting
> process/active object? When a user initializes a process doesn't it
> automatically get the user's role or attributes?
>
Yes and yes. Although there is no reason it must be so, every PBAC
system I've seen has every process run with the attributes of the user
who started it. Also, all participants must agree on what the
attributes mean.
>
> For me the functional property that defines a "capability"
> system is the ability to delegate where you can
> communicate, not any implementation property.
>
To me the fundamental property of a capability is the combination of
designation with authorization, but I like delegation a lot. In fact,
the ability to be delegated is a key property of an authorization, even
when it doesn't combine designation with authorization.
>
> What is it about "Authorization Based Access Control"
> that you consider definitive, Alan? Would you consider
> the ACL sort of mechanism described in the Managing Domains
> paper ABAC or IBAC or what?
>
The definitive characteristic of ABAC is that the authorization decision
is made before the request. All the authentication methods make the
authorization decision at request time.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
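
The distinction drawn in the reply above, as an added Python example that is not part of the original message: an identity-based server decides from an ACL when the request arrives, while an authorization-based server decides when a grant is issued and afterwards only checks the presented token. The class names, the token table and the attenuating `delegate` method are assumptions made for illustration.

```python
import secrets

class IbacFileServer:
    """Identity-based: the decision is made when the request arrives."""
    def __init__(self, acl):
        self.acl = acl                      # {identity: set of operations}

    def request(self, identity, op):
        # Authorization decision happens here, at request time.
        return op in self.acl.get(identity, set())

class AbacFileServer:
    """Authorization-based: the decision is made when the grant is issued."""
    def __init__(self):
        self._grants = {}                   # token -> (resource, allowed ops)

    def grant(self, resource, ops):
        # Authorization decision happens here, before any request exists.
        token = secrets.token_hex(16)       # unguessable bearer token
        self._grants[token] = (resource, frozenset(ops))
        return token

    def delegate(self, token, ops):
        # A holder passes on a subset of its authority; no ACL edit needed.
        resource, held = self._grants[token]
        return self.grant(resource, held & frozenset(ops))

    def request(self, token, op):
        # No identity lookup: the token both designates the resource and
        # carries the authorization. Returns the resource name or None.
        resource, ops = self._grants.get(token, (None, frozenset()))
        return resource if op in ops else None

def demo():
    # Constructed sample data: one ACL entry and one granted resource.
    ibac = IbacFileServer({"alice": {"read", "write"}})
    abac = AbacFileServer()
    alice_cap = abac.grant("report.txt", {"read", "write"})
    bob_cap = abac.delegate(alice_cap, {"read"})
    return {
        "ibac_alice_write": ibac.request("alice", "write"),
        "ibac_bob_read": ibac.request("bob", "read"),   # bob is not in the ACL
        "abac_bob_read": abac.request(bob_cap, "read"),
        "abac_bob_write": abac.request(bob_cap, "write"),
        "abac_forged": abac.request("0" * 32, "read"),
    }

if __name__ == "__main__":
    print(demo())
```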