[cap-talk] Concening entry "ambient authority" in Wikipedia
Rob Meijer
capibara at xs4all.nl
Fri Jun 5 06:42:28 EDT 2009
On Fri, June 5, 2009 12:07, Toby Murray wrote:
> On Fri, 2009-06-05 at 11:13 +0200, Matej Kosik wrote:
>> Fellows,
>>
>> I have some doubts concerning the article "ambient authority" in
>> Wikipedia.
>
> So do I. However, I'm not sure how it should be changed. Ambient
> authority is never clearly defined in any of the capability literature.
>
> I can come with two definitions for "ambient authority".
>
> 1. A program's ambient authority is the subset of its authority that it
> shares with all other programs in the computer system within which it
> resides.
> 2. A program's ambient authority is the subset of its authority that it
> can exercise without having to present any form of credential, such as a
> capability, password, certificate etc.
>
I would try to avoid using any specific level of granularity in such a
definition. The use of a term such as 'program' implies a specific level
of granularity and may be useful in an example, but is harmful in a
definition IMO. Just try to come up with an example at multiple levels of
granularity
(networks?,machines?,users,programs,processes,classes,objects,methods?)
and if from that you can create a definition that fits all examples, than
you likely have a useful definition.
Rob.
More information about the cap-talk
mailing list