[cap-talk] Capabilities giving up control?
Jed Donnelley
capability at webstart.com
Fri Jan 18 12:33:08 EST 2008
At 09:17 AM 1/18/2008, Mark Miller wrote:
>On Jan 18, 2008 8:51 AM, David Hopwood
><david.hopwood at industrial-designers.co.uk> wrote:
> > Jed Donnelley wrote:
> > [...]
> > > I really think the sense in which we have been using
> > > "authority" on this list (sorry MarkM) is an entirely
> > > different concept. Namely the closure of what sort
> > > of access can be obtained by using all available
> > > permissions. Sadly, I don't think this fits very
> > > well with the human social notion of "authorize",
> > > e.g. (from:
> > > http://www.thefreedictionary.com/authorize ):
> >
> > Please let's not redefine terms in mid-argument. MarkM's choice
> > of "authority" to mean the transitive closure of available
> > permissions will do fine for the time being; it's concise, useful,
> > and no less well-chosen than many other technical terms.
>
>
>I use "authority" to mean the effects one can cause. If Alice has
>permission to write to file C and Alice gives Bob an object that
>enables Bob only to cause even numbers to be written to C, then Bob
>has the authority to cause even numbers to be written to C. How would
>you describe this authority in term of a transitive closure of
>available permissions?
Bob actually has only a permission to communicate with Alice.
In practice Alice could implement any sort of a filter on
Bob's actions. By "transitively" looking at what Bob has
a permission to do and looking at what Alice has permission
to do and how Alice exercises her permission in response to
Bob's permitted communications we arrive at the effects
Bob can cause: Bob's "authority" in the broader computer
system sense.
--Jed http://www.webstart.com/jed-signature.html
More information about the cap-talk
mailing list