[cap-talk] the value of non-delegatable authority?
Anupam Simlot
gurudevdas at gmail.com
Tue Jan 15 23:06:10 EST 2008
On Jan 15, 2008 9:52 PM, Toby Murray <toby.murray at comlab.ox.ac.uk> wrote:
> On Tue, 2008-01-15 at 05:29 +0000, David Hopwood wrote:
> > If human Alice has access to a document, she can always give human
> > Bob access to it.
>
> Of course. But she cannot give Bob her *clearance*. She cannot
> instantaneously give Bob the right to read every document that she ever
> could. Bob can't gain a clearance from Alice (assuming Alice doesn't
> work for a vetting agency, of course).
>
> The clearance is a much stronger authority than the right to read a
> particular document that Alice chooses to pass to Bob. These are
> totally different things.

Right, this is starting to get confusing for me. Let's see how much I
understand.

Alice has clearance to a resource. Bob does not. Alice can not pass
her clearance on to Bob. However, Alice can grant Bob access to the
resource as a proxy. But this may not work depending on the nature of
the resource and their ability to communicate (more on this below).

The desire of the administrators is to prevent those without clearance
from accessing the resource.

So this system may fail to provide security depending on ... ???

Anupam