[cap-talk] "ambient authority" on wiki.erights.org, take 2

Mark Miller erights at gmail.com
Thu Jun 11 18:22:53 EDT 2009


On Thu, Jun 11, 2009 at 3:10 PM, Charles Landau <clandau at macslab.com> wrote:

> Mark Miller wrote:
> > On Thu, Jun 11, 2009 at 9:47 AM, David-Sarah Hopwood
> > <david-sarah at jacaranda.org> wrote:
> >
> >     Matej Kosik wrote:
> >      > What about this:
> >      > http://wiki.erights.org/wiki/Ambient_authority
> >      > (that page can be deleted by wiki administrator if it is
> >      > inappropriate)
> >
> >     # If a subject can operate on all objects of a given type, we say
> >     # that it has ambient authority.
> >
> >
> > Huh? I am completely confused. What do types have to do with anything?
>
> There seems to be consensus that the original definition is wrong, so I
> took the liberty of rewriting it as below. It's still a draft, so
> continue to critique.
>
>
> A subject may have several different permissions. Ambient authority is
> authority that can be used without having to identify which specific
> permission is required. In an ambient authority system, when a subject
> requests an action (typically by naming an object and an operation on
> that object), the action is allowed if the subject has any permission
> for the action.
>
> In contrast, in a designated authority system, a subject explicitly
> identifies a subset (usually one) of its permissions, and the action is
> allowed only if permitted by that subset of permissions.


I like it!


>
> In an ambient authority system, often there is no way to identify a
> specific permission, so there is no concept of having different
> permissions.


Even knowing what you are trying to say, I find this last paragraph
confusing. I also think it is unnecessary.

-- 
Text by me above is hereby placed in the public domain

   Cheers,
   --MarkM
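
The two checks in the draft definition quoted above, as an added example that is not part of the original message or the wiki page. The `Permission` and `Subject` classes, the function names and the sample objects are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """One permission: the operations it allows on a single object."""
    obj: str
    ops: frozenset

    def permits(self, obj, op):
        return obj == self.obj and op in self.ops


@dataclass(frozen=True)
class Subject:
    name: str
    permissions: tuple  # every permission the subject holds


def ambient_allowed(subject, obj, op):
    """Ambient: allowed if ANY permission the subject holds covers the action."""
    return any(p.permits(obj, op) for p in subject.permissions)


def designated_allowed(subject, designated, obj, op):
    """Designated: only the subset the subject names is consulted."""
    chosen = tuple(designated)
    if not chosen or any(p not in subject.permissions for p in chosen):
        return False  # nothing designated, or a permission the subject lacks
    return any(p.permits(obj, op) for p in chosen)


# Constructed sample data: a service holding two write permissions.
LOG = Permission("service.log", frozenset({"write"}))
OUT = Permission("alice/out.txt", frozenset({"write"}))
OTHER = Permission("bob/out.txt", frozenset({"write"}))  # not held by SERVICE
SERVICE = Subject("service", (LOG, OUT))


def compare(obj, op, designated):
    """Return (ambient decision, designated decision) for one request."""
    return (ambient_allowed(SERVICE, obj, op),
            designated_allowed(SERVICE, designated, obj, op))


if __name__ == "__main__":
    for obj, op, chosen in [("alice/out.txt", "write", [OUT]),
                            ("service.log", "write", [OUT]),
                            ("service.log", "write", [LOG]),
                            ("bob/out.txt", "write", [OTHER])]:
        print(obj, op, [p.obj for p in chosen], compare(obj, op, chosen))
```

The second request is the one where the two models differ: the service holds a permission for `service.log`, so the ambient check allows the write, while the designated check refuses it because the named subset covers only `alice/out.txt`.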