[cap-talk] Confused Deputies arising from object capabilities

Mark Miller erights at gmail.com
Mon Feb 4 11:13:10 EST 2008


On Feb 3, 2008 10:39 PM, Jed Donnelley <capability at webstart.com> wrote:
> [...] it seems
> to me that what people refer to as "rights amplification"
> poses a risk of producing confused deputies,

Yes. This still needs to be explored in depth.


> I have been increasingly puzzled by what that term
> "hybrid capability system" means.

A system with both ACL and cap logic, where an access is allowed only
if it is allowed by both ACL and cap rules. Thus, the set of allowed
actions is the intersection of ACL-allowed actions and cap-allowed
actions. Classic examples include SCAP, ICAP, and the so-called
"unauthorized capabilities" of System/38 aka AS/400.


-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM
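
The hybrid rule described in the message above, as an added example that is not part of the original post: a small reference monitor in which an access succeeds only when both the ACL check and the capability check pass. `HybridMonitor`, `Capability`, the subjects and the `ledger` object are all hypothetical, and the sketch does not model SCAP, ICAP or System/38 internals.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Capability:
    """Token naming an object and the rights it conveys (unforgeability is assumed here)."""
    obj: str
    rights: frozenset

class HybridMonitor:
    """Hypothetical monitor: an access needs an ACL entry AND a held capability."""
    def __init__(self, acl):
        self.acl = acl      # {(subject, obj): set of actions}, the ACL rules
        self.held = {}      # subject -> set of capabilities, the cap rules

    def grant(self, subject, cap):
        self.held.setdefault(subject, set()).add(cap)

    def delegate(self, giver, receiver, cap):
        # Capability logic alone lets a holder pass a capability on.
        if cap not in self.held.get(giver, set()):
            raise PermissionError(f"{giver} does not hold {cap}")
        self.grant(receiver, cap)

    def acl_allows(self, subject, obj, action):
        return action in self.acl.get((subject, obj), set())

    def cap_allows(self, subject, obj, action):
        return any(c.obj == obj and action in c.rights
                   for c in self.held.get(subject, set()))

    def allowed(self, subject, obj, action):
        # Hybrid rule: both rule sets must agree.
        return (self.acl_allows(subject, obj, action)
                and self.cap_allows(subject, obj, action))

def build_demo():
    # Constructed sample policy: alice and carol are on the ACL, bob is not.
    m = HybridMonitor({("alice", "ledger"): {"read", "write"},
                       ("carol", "ledger"): {"read"}})
    cap = Capability("ledger", frozenset({"read"}))
    m.grant("alice", cap)
    m.delegate("alice", "bob", cap)   # bob now holds the capability
    return m

def allowed_set(subjects, objs, actions, check):
    """All (subject, object, action) triples that a given check permits."""
    return {t for t in product(subjects, objs, actions) if check(*t)}
```

In the constructed policy, bob receives the capability by delegation yet is still refused because he has no ACL entry, and carol is refused because she holds no capability despite being on the ACL.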

