[cap-talk] "ambient authority" on wiki.erights.org
Matej Kosik
kosik at fiit.stuba.sk
Thu Jun 11 19:27:15 EDT 2009
Karp, Alan H wrote:
> I don't think any of the definitions I've seen so far capture what to me is the essential nature of ambient authority, the separation of designation from authorization. I think the following captures that point.
>
> "A system in which the submitter of a request does not specify which permissions to apply to the request is said to use ambient authorities."
Sounds good to me. The "Comment" section could perhaps be deleted. It
would be relevant if "ambient authority" were somehow inherently
connected with "excess authority", which is not true. The general form of
ACLs (where we could specify permitted operations on all objects for all
subjects independently) is sufficient to avoid it while it still falls
into the "ambient authority system" category. The problem is that
traditional UNIX offers only a very restricted form of ACLs.
The article could be enriched by pointing to the confused deputy problem
(perhaps as a separate wiki page) with various examples of confused
deputy problems in real systems.
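To make the designation/authorization point concrete, here is an added illustration (not code from the thread or its author) contrasting a deputy that relies on ambient authority with one that receives a capability; the toy ACL, the "compiler"/"client" principals and the /var/billing path are all hypothetical.

```python
# Added example (not from the cap-talk thread): a confused deputy under
# ambient authority, and the capability-style fix in which the request
# itself carries the authority. All names and paths are hypothetical.
from dataclasses import dataclass

# Toy "kernel" ACL: (principal, path) -> may write. Consulted on every
# open() using whatever principal is ambient for the caller.
ACL = {
    ("compiler", "/tmp/out"): True,
    ("compiler", "/var/billing"): True,   # deputy needs this for its own log
    ("client", "/tmp/out"): True,
    ("client", "/var/billing"): False,    # client must NOT write here
}

@dataclass
class WriteHandle:
    """A capability: designation (path) and authority travel together."""
    files: dict
    path: str
    def write(self, data):
        self.files[self.path] = data

class Disk:
    def __init__(self):
        self.files = {}
    def open_ambient(self, principal, path):
        """Ambient-authority open: the request designates only a path;
        authorization comes from the caller's ambient identity."""
        if not ACL.get((principal, path), False):
            raise PermissionError(f"{principal} may not write {path}")
        return WriteHandle(self.files, path)

def compiler_ambient(disk, output_path):
    """Deputy that opens the client-named path with its OWN authority."""
    disk.open_ambient("compiler", output_path).write("object code")

def compiler_cap(handle):
    """Deputy that can write only through a handle the client supplied."""
    handle.write("object code")

def run_ambient(target):
    """Client names a path; deputy's ambient authority is applied to it."""
    d = Disk()
    compiler_ambient(d, target)
    return d.files

def run_cap(target):
    """Client must obtain the handle with its own authority first."""
    d = Disk()
    handle = d.open_ambient("client", target)
    compiler_cap(handle)
    return d.files
```

With ambient authority the client gets the deputy to overwrite /var/billing, a file the client itself may not touch; with the capability the same request fails at the client's own open.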