[cap-talk] VOC <-> DAC distinction (was: RE: In defense of P-1935)
Karp, Alan H
alan.karp at hp.com
Sat Feb 2 22:18:57 EST 2008
> Isn't this a DAC without MAC situation where
> I don't need to know the policy to avoid
> violating it? Isn't it in fact Voluntary
> Oblivious Compliance? The above thinking is
> why to me VOC is a subset of DAC - essentially
> a nice property of a DAC.
Not by my definition. If the delegator is confined, then it's DAC with MAC. If the delegator is not confined, it's VOC. If there's nobody to to block the delegation or prevent use of the delegated right, it's DAC without MAC.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
More information about the cap-talk