[cap-talk] "ambient authority" on wiki.erights.org, take 2

Charles Landau clandau at macslab.com
Thu Jun 11 18:10:45 EDT 2009


Mark Miller wrote:
> On Thu, Jun 11, 2009 at 9:47 AM, David-Sarah Hopwood
> <david-sarah at jacaranda.org> wrote:
> 
>     Matej Kosik wrote:
>      > What about this:
>      > http://wiki.erights.org/wiki/Ambient_authority
>      > (that page can be deleted by wiki administrator if it is
>      > inappropriate)
> 
>     # If a subject can operate on all objects of a given type, we say that
>     # it has ambient authority.
> 
> 
> Huh? I am completely confused. What do types have to do with anything?

There seems to be consensus that the original definition is wrong, so I 
took the liberty of rewriting it as below. It's still a draft, so 
continue to critique.


A subject may have several different permissions. Ambient authority is 
authority that can be used without having to identify which specific 
permission is required. In an ambient authority system, when a subject 
requests an action (typically by naming an object and an operation on 
that object), the action is allowed if the subject has any permission 
for the action.

In contrast, in a designated authority system, a subject explicitly 
identifies a subset (usually one) of its permissions, and the action is 
allowed only if permitted by that subset of permissions.

In an ambient authority system, often there is no way to identify a 
specific permission, so there is no concept of having different 
permissions.
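
The distinction drawn in the draft definition above, as an added example that is not part of the original post: a subject holding two permissions makes the same request under an ambient check and under a designated check. The `Permission`, `Subject`, and function names and the file names are hypothetical, and the scenario is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    """One grant: an object plus the operations allowed on it."""
    source: str       # constructed label saying who granted it
    obj: str
    ops: frozenset

    def permits(self, obj, op):
        return self.obj == obj and op in self.ops

class Subject:
    def __init__(self, name, permissions):
        self.name = name
        self.permissions = list(permissions)

def ambient_allowed(subject, obj, op):
    # Ambient: the request names only the object and the operation.
    # It is allowed if ANY permission the subject holds covers it.
    return any(p.permits(obj, op) for p in subject.permissions)

def designated_allowed(subject, designated, obj, op):
    # Designated: the subject names the subset of its permissions to use.
    # Only that subset is consulted, and only permissions actually held count.
    usable = [p for p in designated if p in subject.permissions]
    return any(p.permits(obj, op) for p in usable)

# Constructed scenario: a service holds one permission of its own and one
# handed to it by a client for the duration of a job.
OWN = Permission("service-owner", "billing.log", frozenset({"write"}))
FROM_CLIENT = Permission("client", "out.txt", frozenset({"write"}))
SERVICE = Subject("service", [OWN, FROM_CLIENT])

def write_for_client_ambient(target):
    # Acting for the client, but the check cannot tell which permission is meant.
    return ambient_allowed(SERVICE, target, "write")

def write_for_client_designated(target):
    # Acting for the client, so only the client-granted permission is designated.
    return designated_allowed(SERVICE, [FROM_CLIENT], target, "write")

if __name__ == "__main__":
    for target in ("out.txt", "billing.log"):
        print(target,
              "ambient:", write_for_client_ambient(target),
              "designated:", write_for_client_designated(target))
```

The two checks agree on `out.txt` and differ on `billing.log`: the ambient check lets the service's own permission satisfy a request made on the client's behalf, while the designated check refuses it.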

