[cap-talk] the value of non-delegatable authority?
David Hopwood
david.hopwood at industrial-designers.co.uk
Thu Jan 17 01:08:09 EST 2008
Toby Murray wrote:
> On Tue, 2008-01-15 at 05:29 +0000, David Hopwood wrote:
>>
>>> While a cleared individual can delegate the permission to read a
>>> particular document, they cannot delegate their clearance to another
>>> individual.
>> Yes they can, by acting as a proxy.
>
> I said "they cannot *delegate* their clearance". Being able to proxy is
> totally different.
>
>> If human Alice has access to a document, she can always give human
>> Bob access to it.
>
> Of course. But she cannot give Bob her *clearance*. She cannot
> instantaneously give Bob the right to read every document that she ever
> could. Bob can't gain a clearance from Alice (assuming Alice doesn't
> work for a vetting agency, of course).
By proxying, Alice can instantaneously give Bob the ability to read every
document that he wants to read (and the same ability to search for documents
that she has). This has a similar effect to giving Bob the same clearance,
except that an audit trail will show Alice, not Bob, as having accessed
the documents.
Alice's clearance refers to what set of documents she is intended
(by whoever assigns clearances) to be able to read. It does not refer to
her actual authority; it defines a lower bound on each cleared principal's
authority.
--
David Hopwood
More information about the cap-talk
mailing list