[cap-talk] Architectural Choices for Security: terminology
Karp, Alan H
alan.karp at hp.com
Mon Nov 19 11:42:40 EST 2007
Jed wrote:
>
> Hmmm. I think there is a serious reason. If when a process is
> initiated it doesn't get the user's role or attributes, then
> what role or attributes does it get? Determining what role
> or attributes to give to processes if not those of the user
> seems to me would be a non-trivial technical problem, much
> like initializing a process in a capability system but even
> more complex.
>
I agree, but it's worse than more complex. There may be no way to know
what permissions a process will get based on the attributes the user
gives it.
>
> Hmmm. When I said the ability to 'delegate', I meant the
> ability to delegate authorization (well, permission,
> but I think that is a fine point?). What did you think
> I meant by delegation? I.e. what did you think I was
> delegating if not a permission (authorization = the
> closure of permissions available through the initial
> permission)?
>
That's what I thought you meant. My point was how the delegated
authorization is used. If the invocation separates designation and
authorization, then it's not a capability.
>
> >In fact, the ability to be delegated is a key property of an
> >authorization, even when it doesn't combine designation with
> >authorization.
>
> I think we are mincing fine nuances. If there's something
> more major here, please jump on me.
>
The fine point is that ABAC is more general than capabilities because
ABAC includes systems that separate designation from authorization.
> >
> >The definitive characteristic of ABAC is that the authorization
> >decision is made before the request.
> >
> I don't see how the above characterization helps me to determine
> whether an access control mechanism is ABAC or not. It seems
> to me that you can argue that all authorization decisions
> are made before the request. E.g. in Unix a chmod is an
> access 'decision', isn't it? Perhaps I need to better understand
> what you mean by an "access decision".
>
You are correct. I stated that poorly. There are four steps in the
process. Identification tells you who to throw in jail if something bad
gets done. Authentication lets that person prove identity, role, or
attributes. Authorization is the process of assigning rights to an
authentication. Access is deciding whether or not to honor a request.
In (IBAC, RBAC, PBAC), authentication is used in that last step. In
ABAC, it is not.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
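
One reading of the distinction drawn in the message above, as an added sketch that is not part of the original email: in the IBAC check the access step takes the authenticated user, while in both ABAC checks it takes only a previously issued authorization, either combined with designation (capability style) or sent separately from it. All names here (ACL, Issuer, ibac_access, access_capability, access_separated) and the sample data are hypothetical.

```python
import secrets

# Constructed sample data: users, resource and rights are illustrative only.
ACL = {"report.txt": {"alice": {"read", "write"}, "bob": {"read"}}}

def ibac_access(authenticated_user, resource, right):
    """IBAC: the access step consults the result of authentication."""
    return right in ACL.get(resource, {}).get(authenticated_user, set())

class Issuer:
    """ABAC sketch: rights are assigned to an authentication once, up front."""

    def __init__(self):
        self._grants = {}  # token -> (resource, rights)

    def authorize(self, authenticated_user, resource):
        """Authorization step: the only place the authenticated user is used."""
        rights = ACL.get(resource, {}).get(authenticated_user, set())
        token = secrets.token_hex(16)
        self._grants[token] = (resource, frozenset(rights))
        return token

    def delegate(self, token, rights):
        """A holder passes on a subset of its rights; no identity is involved."""
        resource, held = self._grants[token]
        new_token = secrets.token_hex(16)
        self._grants[new_token] = (resource, held & frozenset(rights))
        return new_token

    def access_capability(self, token, right):
        """Access step, capability style: the token designates and authorizes."""
        resource, rights = self._grants.get(token, (None, frozenset()))
        return resource if right in rights else None

    def access_separated(self, resource, token, right):
        """Access step with designation (resource) sent apart from the token."""
        granted, rights = self._grants.get(token, (None, frozenset()))
        return granted == resource and right in rights
```

Neither ABAC access method has a user parameter, so a delegated token works for whoever holds it, whereas ibac_access cannot be evaluated without knowing who is asking.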