[cap-talk] Reinterpreting POLA - "Authority Must Not Exceed Trust"
Sandro Magi
smagi at higherlogics.com
Tue Sep 18 10:00:54 EDT 2007
Ka-Ping Yee wrote:
> On Tue, 18 Sep 2007, Toby Murray wrote:
>> Aha. Perhaps you've uncovered another of my unintentionally unstated
>> assumptions.
>>
>> I'm defining authority as "any action that can be performed or caused"
>> to occur.
>>
>
> The difference in perspective I see here is due to differing
> assumptions about what is considered an unknown variable. Or, to put
> it another way, what "free will" are you allowing these actors?
>
> The meaning of "authority" or any sentence involving "can" depends on
> what you consider fixed and variable. To David, the Buggy Mailer's
> code is a variable (authority restrictions are imposed upon it), but
> to you, the code is a fixed entity, a given (the code defines its
> behaviour and thus its authority). The boundary between what you
> consider given and variable is the boundary between "can" and "will".
>
> I would say that your description is consistent, but you've chosen
> to draw that boundary in a less conventional place than David has;
> and I think a good way to clarify the example is to state precisely
> which things are variables and which things are constants.
>
Also, Toby has stated in the past that his CSP models are intended to
reason about *program behaviour*, which is more refined than the
pessimistic analysis that we usually assume (and that I assume David is
using). Thus, perhaps Toby's CSP analysis of Buggy and Nonbuggy programs
can extract useful information on misuse of authority which David's
overly pessimistic analysis cannot assume.
Sandro