[cap-talk] Capabilities giving up control?
Karp, Alan H
alan.karp at hp.com
Fri Jan 18 20:54:14 EST 2008
Jed wrote:
> Is the
> main distinction between permission and
> authority that a subject can exercise
> multiple permissions in an effort to
> achieve a result and thus exercise its
> greater "authority" (e.g. what's been
> termed "amplification"?)?
>
No, they are different concepts. Amplification means needing two authorities, such as to the sealed box and the corresponding unsealer. Authority is the ability to cause things to happen. That means a permission is an authority, but there are authorities that aren't permissions.
The example I like is a web server. There is an ACL on the server's machine granting the process running the server permission to read the site's home page from disk. There is no permission granting me permission to read that page. When I enter the URL for that page in my browser, I get to read it. Clearly then I have authority to read the page. What has happened is that I used my permission, embodied by knowledge of the server's URL, to ask the server for the page. The server used its permission and behavior to present the contents to me. It is this characteristic of combining permission and behavior that is the distinguishing characteristic of a non-permission authority.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list