[cap-talk] Concerning entry "ambient authority" in Wikipedia

Mark Miller erights at gmail.com
Mon Jun 8 11:46:32 EDT 2009


On Mon, Jun 8, 2009 at 2:29 AM, Marcus Brinkmann
<marcus.brinkmann at ruhr-uni-bochum.de> wrote:
> Without attempting a formal definition, I think that ambient authority
> actually is used here to describe systems in which the POLA design principle
> is rejected.

Confused deputy has nothing to do with POLA.

I think you're trying to define "excess authority". Systems suffering
from excess authority dangers often also suffer from ambient authority
dangers. But otherwise, the two concepts are orthogonal. The term
"ambient authority" was originally coined simultaneously and
independently by Dean Tribble and myself in order to describe what
so-called "Netscape Capabilities" got wrong. Netscape Capabilities
were designed to support POLA, and did support it well given the
constraints they took on. However, because of their ambient authority
problems (and despite claims to the contrary) they were vulnerable to
confused deputy. (They called confused deputy a "luring attack".)


-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM
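The confused-deputy pattern the post attributes to ambient authority, side by side with designation by capability, as an added illustration that is not code from the post, from Netscape Capabilities, or from any real system; the `Store`, `WriteCap`, `BILLING_LOG` and deputy names are hypothetical constructs:

```python
# Hypothetical model of a deputy that serves clients and must also keep
# a protected billing record. Two designs: ambient authority (the deputy
# writes wherever a client-supplied name points, using its own authority)
# and capability designation (the client hands over the very authority it
# wants used, so naming and permission arrive together).

class Store:
    """Hypothetical file store addressed by path strings. Anyone holding the
    store may write to any path simply by naming it: that is ambient authority."""
    def __init__(self):
        self.files = {}

    def write(self, path, data):
        self.files[path] = data


class WriteCap:
    """Unforgeable write capability: holding it both designates the file and
    authorises writing to it, so there is no separate name to be confused by."""
    def __init__(self, store, path):
        self._store, self._path = store, path

    def write(self, data):
        self._store.write(self._path, data)


BILLING_LOG = "/billing/log"   # hypothetical record only the deputy should touch


def ambient_deputy(store, output_path, result):
    """Deputy with ambient authority. It records the charge, then writes the
    result to whatever path the client named, with its OWN authority. A client
    naming BILLING_LOG makes the deputy clobber its own record. Note that even
    if the store held exactly these two paths (no excess authority), the deputy
    would still be confusable: the two dangers are orthogonal, as the post says."""
    store.write(BILLING_LOG, "charged for " + output_path)
    store.write(output_path, result)
    return store.files[BILLING_LOG]


def capability_deputy(billing_cap, output_cap, result):
    """Capability deputy. The client designates the output by passing a WriteCap
    it already holds; the deputy never resolves a name, so a client without a
    capability to the billing log has no way to aim the deputy at it."""
    billing_cap.write("charged")
    output_cap.write(result)


def demo():
    """Run both designs with a client that asks for the billing log as output."""
    ambient_store = Store()
    clobbered = ambient_deputy(ambient_store, BILLING_LOG, "garbage")
    cap_store = Store()
    client_cap = WriteCap(cap_store, "/home/client/out")   # all the client holds
    capability_deputy(WriteCap(cap_store, BILLING_LOG), client_cap, "garbage")
    return clobbered, cap_store.files[BILLING_LOG]
```

Running `demo()` shows the ambient deputy's billing record overwritten with the client's data while the capability deputy's record stays intact.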
