[cap-talk] top-to-bottom
Rob Meijer
capibara at xs4all.nl
Sun Jan 18 13:50:37 EST 2009
On Sun, January 18, 2009 04:02, ross mcginnis wrote:
>
>
> I've been wondering if you had a top-to-bottom cap based desktop what sort
> of user account management system would be best implemented (this is w.r.t
> a typical personal use computer with users in an every day setting, not
> somethin.
>
> Would you emulate the traditional root/superuser account paradigm where
> only one single entity has the authority to create and manage all the
> other accounts (presumably this could be emulated by designing an account
> creation object which is a trusted code object that tightly holds a
> create-user cap)?
A 'system-owner' might be an important concept. And from an individual
user's perspective, 'data-owner' might be an important concept.
But for both, I feel that the possibility to delegate is essential.
> Or perhaps design something more fluid (and a very big break from
> standard) such as where you have a deliberately free create-user cap and
> if any user possesses it they can create a new user and also they can
> discretionally choose whether to pass the cap onto the newly created user
> or not?
>
> What other sort of arrangements are possible- eg, could you replace the
> concept of user with some other concept?
I feel that in a 'top to bottom' caps/POLA system, a new user account
would in theory hold absolutely no authority. There seems no reason to
disallow the creation of a user account at all. So a create-user cap
should IMHO not only be free to delegate, there would not be any problem
if each new user account would explicitly receive it on creation.
There is actually much security to be gained from allowing each user to
create new users with a subset of their privileges. If you disallow it as
most systems do, you end up with people sharing their own single user
account in order to get urgent work done. So in my view each and every
user should be allowed to create new user accounts.
> This also raises other design questions regarding related issues such as
> removing accounts.
If you treat user accounts as regular objects, they should get garbage
collected once there are no more references to them.
> Just Wondering...
> Ross.
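The account model discussed in this message (a new account starts with no authority, any account may create accounts holding a subset of its own caps, and an unreferenced account is garbage collected), sketched as an added example that is not part of the original post. `Cap`, `Account`, `create_user` and `demo` are hypothetical names, and Python does not itself enforce capability discipline, so this models the rules only.

```python
import gc
import weakref

class Cap:
    """Stands in for an unforgeable reference to one resource (assumption)."""
    def __init__(self, name):
        self.name = name

class Account:
    """A user account as an ordinary object: a set of caps, no ambient authority."""
    def __init__(self, label, caps=()):
        self.label = label
        self._caps = frozenset(caps)

    def holds(self, cap):
        return cap in self._caps

    def create_user(self, label, delegate=()):
        # Every account has this method, so the create-user authority is
        # effectively handed to each new account on creation.
        delegate = frozenset(delegate)
        extra = delegate - self._caps
        if extra:
            # Attenuation only: a creator cannot hand out what it does not hold.
            names = ", ".join(sorted(c.name for c in extra))
            raise PermissionError("cannot delegate caps not held: " + names)
        return Account(label, delegate)

def demo():
    # Constructed sample caps for a personal desktop.
    mail, photos, taxes = Cap("mail"), Cap("photos"), Cap("taxes")
    owner = Account("owner", [mail, photos, taxes])
    fresh = owner.create_user("fresh")               # no authority at all
    helper = owner.create_user("helper", [photos])   # subset of owner's caps
    sub = helper.create_user("sub-helper", [photos]) # helper delegates onward
    try:
        helper.create_user("greedy", [taxes])        # helper never held taxes
        escalated = True
    except PermissionError:
        escalated = False
    probe = weakref.ref(sub)
    del sub                                          # last reference dropped
    gc.collect()
    return {"fresh_caps": len(fresh._caps), "helper_photos": helper.holds(photos),
            "helper_taxes": helper.holds(taxes), "escalated": escalated,
            "collected": probe() is None}

if __name__ == "__main__":
    print(demo())
```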