[cap-talk] A paper on web-keys - discretionary control
Jed Donnelley
jed at nersc.gov
Fri Jan 18 22:32:08 EST 2008
On 1/18/2008 5:54 PM, Mark Miller wrote:
> On Jan 18, 2008 2:24 PM, Jed Donnelley <jed at nersc.gov> wrote:
>> However, let me mention that in today's market
>> leading systems (Unix, Windows), most (nearly
>> all?) management of access control is already
>> discretionary - already exercised by end users.
>> While it's true that in systems like unix the
>> means to manage groups is not available to
>> end users (gag!), still end users have ultimate
>> discretionary control over delegation (e.g.
>> world R/W/X).
>
> I should set up a bot to search for "discretionary" and "mandatory"
> and post in response:
>
> "What do you mean by 'discretionary'?"

By "discretionary" I mean subject to the control of the
end user. If I can grant you read access to my file,
I have "discretionary" control over granting that access.

By "mandatory" I mean not subject to the control of the
end user. Only subject to being granted by a 'knowledgeable'
administrator. For example an "authorized declassifier".
If I can't grant you access to the file, but must go
ask for permission to give you access from some
administrator (e.g. like the "authorized declassifier"),
then I am subject to a 'mandatory' control.

> Even better, could you rephrase without using this term so I have some
> hope of understanding what you mean? Thanks.

I hope the above is sufficiently clear. If not,
ask again. If so, please make an effort to clarify
the distinction between "permission" and "authority"
for me as per:

http://www.eros-os.org/pipermail/cap-talk/2008-January/009572.html

Thanks.

--Jed http://www.webstart.com/jed/