[cap-talk] What we have here is a failure to communicate

[Rob Meijer]

On Sat, December 27, 2008 10:37, Jed Donnelley wrote:

> I wonder if it might help any to discuss how we should use these
> terms, "authentication" and "authorization" in the context of the
> object-capability model.  Neither of these terms are currently
> included in the Wikipedia page on the object-capability model:
>
> http://en.wikipedia.org/wiki/Object-capability_model
>
> Might not this in itself lead to some confusion and perhaps less
> acceptance of the OCap model?
>
> To me the OCap model does "conflate" authentication and authorization.
> That is, the possession (as evidenced by communication) of a capability
> demonstrates that the communicating subject is authentic (in that it
> apparently possessed the communicated capability) and is authorized to
> access (in the sense of "access control") whatever the capability
> grants (permits) access to.
>
> Perhaps others have other potentially better ways of relating the OCap
> model to authentication and authorization?

When defining authentication in general, I feel an important point to make
is that what is needs to be authenticated for the sake of access control
is the "source of authority", while what needs to be authenticated for the
sake of auditing is the "source of accountability".

If for any solution for access control and/or logging and auditing you
start of determining what are the sources of authority and what are the
sources of accountability, its discussion and comparison seems to flow
quite naturally from this.

Rob