[cap-talk] Concerning entry "ambient authority" in Wikipedia
Rob Meijer
capibara at xs4all.nl
Sat Jun 6 02:52:54 EDT 2009
On Fri, June 5, 2009 16:29, Dave Chizmadia - Gmail wrote:
>> 1) A UNIX process has ambient authority to a filesystem as a
>> result of, and limited by, the user id that the process runs under.
>> This authority is implicitly shared with UNIX processes running
>> under the same user id.
>> 2) An object A has ambient authority to a (static member) object B
>> as a result of, and limited by, the fact that the object is an
>> instance of a particular class C. This authority is implicitly
>> shared with other objects of the class C.
>
> So what is the problem?
>
> In example 2, the ACI is class membership. The type system, which
> is acting as the access control infrastructure, checks the class of
> the Initiator instance object and renders a decision about access on
> that basis. In a strict OCap system, that check isn't part of the
> access control model, since possession of the Target's object
> reference is both necessary and sufficient to invoke the desired
> method, but is part of a type safety model, since invocation won't
> be allowed to proceed if the class membership check fails.
>
>> I thus feel the implicit sharing of 1/2 is much more relevant to a
>> definition than the ACI component of 1.
>
> The implicit sharing of example 1 is on the basis of shared ACI in
> the form of a common userId, while the implicit sharing of example 2
> is on the basis of shared ACI in the form of a common class. Both
> examples are covered by my definition.
>
>> Rob
>
Ok, but then my question is, wouldn't implicit sharing be sufficient for a
definition?
I would propose the following definition should suffice:
"The ambient authority of an actor is defined as the implicitly shared,
authority-carrying subset of the state that it can access and/or
meaningfully influence."
Rob.
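An added illustration of the two examples in the thread (not code from the cap-talk posters): a constructed in-memory "filesystem" where a process's uid supplies ambient authority (example 1), a class-level member implicitly shared by instances (example 2), and beside them a capability-style read where holding the reference is necessary and sufficient. All names, paths and uids are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample "filesystem": path -> (owner uid, contents). Not a real FS.
FS = {
    "/home/alice/notes": (1000, "alice notes"),
    "/home/bob/secret": (1001, "bob secret"),
}


@dataclass(frozen=True)
class FileCap:
    """A reference to an already-opened file: holding it is the authority."""
    path: str
    data: str

    def read(self) -> str:
        return self.data


@dataclass
class Process:
    """Example 1: authority comes from the uid the process runs under, not from
    any argument, so every process with the same uid implicitly shares it."""
    uid: int

    def open_by_name(self, path: str) -> FileCap:
        owner, data = FS[path]
        if owner != self.uid:  # the ACI checked here is the uid
            raise PermissionError(f"uid {self.uid} may not open {path}")
        return FileCap(path, data)


def read_by_name(proc: Process, path: str) -> Optional[str]:
    """Ambient-authority API: the caller supplies a name, proc's uid decides."""
    try:
        return proc.open_by_name(path).read()
    except PermissionError:
        return None


def read_cap(cap: FileCap) -> str:
    """Capability API: no name lookup and no uid check, only the reference."""
    return cap.read()


class Widget:
    """Example 2: a class-level (static) member is implicitly shared by every
    instance; being a Widget is the ACI that grants access to it."""
    _shared_log: list = []

    def note(self, msg: str) -> int:
        Widget._shared_log.append(msg)
        return len(Widget._shared_log)


def demo() -> dict:
    p1, p2, p3 = Process(1000), Process(1000), Process(1001)
    cap = p1.open_by_name("/home/alice/notes")  # p1 obtains the cap via its uid
    return {
        "same_uid_shares": read_by_name(p2, "/home/alice/notes") == "alice notes",
        "other_uid_denied": read_by_name(p3, "/home/alice/notes") is None,
        "cap_ignores_uid": read_cap(cap) == "alice notes",  # any holder can read
        "instances_share_static": (Widget().note("a"), Widget().note("b")),
    }
```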