[cap-talk] "ambient authority" on wiki.erights.org
Sam Mason
sam at samason.me.uk
Thu Jun 11 19:46:28 EDT 2009
On Thu, Jun 11, 2009 at 03:26:28PM -0700, Mark Miller wrote:
> On Thu, Jun 11, 2009 at 3:11 PM, Karp, Alan H <alan.karp at hp.com> wrote:
> > I don't think any of the definitions I've seen so far capture what to me is
> > the essential nature of ambient authority, the separation of designation
> > from authorization. I think the following captures that point.
> >
> > "A system in which the submitter of a request does not specify which
> > permissions to apply to the request is said to use ambient authorities."
>
> I like that too!
Yup, seems to fit with me as well.
> I'd change to "...which of its permissions to apply...".
I don't think I'd point that out explicitly. It seems more of a
discussion point to me, maybe "not knowing which is the 'correct' set of
permissions to use in a given situation is one of the biggest problems
with ambient authority" and then some nice examples that I'm failing
to think of at the moment. Physical examples are nice, but as I said,
I can't think of any nice ones. Not sure if I've seen the example of
being in a room and hence having the ambient authority to anything
within said room. The example seems to fall apart when contrasting to
designated authority, but thought it worth mentioning in case anybody
was inspired!
The physical world seems (to me at the moment anyway) to run pretty
much exclusively with designated authority, there seem to be lots of
examples that look like ambient authority at first glance but are much
more easily explained by designated authority.
--
Sam http://samason.me.uk/
More information about the cap-talk
mailing list