[cap-talk] Reasoning about dynamic vs. static (was: POLA: what about dynamics?)
Jonathan S. Shapiro
shap at eros-os.com
Mon Oct 1 20:55:33 EDT 2007
On Mon, 2007-10-01 at 14:28 -0700, Jed Donnelley wrote:
> I want to at least make clear my belief that it isn't
> dynamic delegation of permissions that makes reasoning
> about security more difficult but rather just the existence
> of communication channels that makes such reasoning more
> difficult.
I agree. This insight was formalized in Bishop and Snyder's paper "The
Transfer of Information and Authority in a Protection System", which
introduced the distinction between de jure and de facto authority. The
key point is that it doesn't matter which one you have.
--
Jonathan S. Shapiro
Managing Director
The EROS Group, LLC
www.coyotos.org, www.eros-os.org
More information about the cap-talk
mailing list