[cap-talk] "ambient authority" on wiki.erights.org
Sam Mason
sam at samason.me.uk
Fri Jun 12 07:45:35 EDT 2009
On Fri, Jun 12, 2009 at 12:39:01AM +0000, Karp, Alan H wrote:
> Sam Mason wrote:
> > Physical examples are nice, but as I said, I can't think of any nice
> > ones.
>
> We're a two Prius family. (I wish:) The Prius has a smart key that
> unlocks the door and lets you start the car while the key is in your
> pocket. If I have both keys in my pocket, I might inadvertently drive
> off in the wrong car. Ambient. With my 1997 Hondas, I need to use a
> physical key, which can be labeled so I know which car it is for. Not
> ambient.

Hum, surely you designated the authority you want to use by getting
into the car you chose! Yes, I can see the analogy of visiting a web site
and cookies/other secrets getting exchanged automatically/incorrectly,
but it's not the point I'm struggling with. The software analogy of
this would appear to be (automatically) passing a capability to a word
processor when opening one of its documents.

I think my difficulty is with expressing agents working on your
behalf---a user never does anything directly with their computer, it's
all mediated through other programs. The problem solved by ocaps that we're
interested in here is removing ambient authority; the user always
has this authority, and the interesting part is attenuating it for
processes that you don't trust (which POLA says should be most things
most of the time). Physical analogies to these agents (i.e. processes)
seem to be what I'm struggling with, but I obviously don't understand
the problem well enough to put it into words.

--
Sam http://samason.me.uk/