[cap-talk] "ambient authority" on wiki.erights.org
David-Sarah Hopwood
david-sarah at jacaranda.org
Thu Jun 11 12:47:12 EDT 2009
Matej Kosik wrote:
> What about this:
> http://wiki.erights.org/wiki/Ambient_authority
> (that page can be deleted by wiki administrator if it is inappropriate)
# If a subject can operate on all objects of a given type, we say that
# it has ambient authority.
> Is that definition correct? I find it clearer than (and hopefully
> equivalent to) definitinion given by Mark:
>
> "If a requesting entity
(i.e. subject)
> requests an action that it is permitted to perform, then the action
> is allowed."
I don't see how it is equivalent. Your definition doesn't take into
account whether the operation is permitted (for example by an ACL).
It also doesn't really capture the fact that it is characteristic
of ambient authority that requests refer to objects by forgeable names.
The definition that is currently at
<http://en.wikipedia.org/wiki/Ambient_authority> (after I edited it)
does capture that.
> Although, it would be necessary to define the other related terms
> (subject, object, operation on object).
These are all standard access control terminology.
<http://en.wikipedia.org/wiki/Access_control#Computer_security>
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
More information about the cap-talk
mailing list