[cap-talk] Horton vs. ACLs - private namespaces andthe AuditProblem
Rob Meijer
capibara at xs4all.nl
Fri Oct 12 05:33:29 EDT 2007
On Thu, October 11, 2007 01:06, Karp, Alan H wrote:
> David Hopwood wrote:
>>
>> So if I have permission to the file, and authority to transfer that
>> permission to Alan, I can frame Alan as an insider?
>>
> It's been known to happen. Today it's done by sending a copy of the
> file. Of course, the sender gets in trouble for telling secrets. I
> expect that would apply to someone who transfers a permission.
>
So basically as long as there is no way to confine all forms of authority
transfer to those forms that bundle accountability with
responsibility, accountability will be 'shared' allong with authority even
if it is not explicitly transfered?
I must say that this transfer of accountability is something that I am
conceptualy realy uncomfortable with.
I have thusfar taken the stand that simple 'sharing' authority does not
constitute the transfer or even sharing of accountability, and that
transfering of accountability should be considdered to only be possible by
'explicitly' bundeling accountability with responsibility.
Given that this stand for the abouve example would mean that 'only' the
sender would be accountable, I can see that I may thusfar have been
mistaken.
I am thus now getting uncomfortably confused on the subject
of transfer/sharing of accountability, and am hoping someone on this
list will be able to enlighten me on this.
Rob
More information about the cap-talk
mailing list