[cap-talk] VOC <-> DAC distinction (was: RE: In defense of P-1935)

Karp, Alan H alan.karp at hp.com
Sat Feb 2 22:18:57 EST 2008


Jed wrote:
>
> Isn't this a DAC without MAC situation where
> I don't need to know the policy to avoid
> violating it?  Isn't it in fact Voluntary
> Oblivious Compliance?   The above thinking is
> why to me VOC is a subset of DAC - essentially
> a nice property of a DAC.
>
Not by my definition.  If the delegator is confined, then it's DAC with MAC.  If the delegator is not confined, it's VOC.  If there's nobody to to block the delegation or prevent use of the delegated right, it's DAC without MAC.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp




More information about the cap-talk mailing list