[cap-talk] "ambient authority" on wiki.erights.org
Karp, Alan H
alan.karp at hp.com
Fri Jun 12 12:04:45 EDT 2009
Rob Meijer wrote:
>
> Although I feel this definition captures most of what I would consider
> ambient authority, I feel the focus is not quite placed right by focusing
> on the wielding of authority rather than on through what the authority was
> obtained, what I feel would be the essence of the difference with
> designated authority. The point that the thing wielding the authority
> derives this authority from a source (like class type or uid) that is a
> non-private but yet inalienable implicit part of its construction.
>
I disagree. Whether authorities are ambient or not has nothing to do with how they are granted, only with how they are used to make an access decision. It is entirely possible to build a non-ambient authority system based on an ACL by splitting the request step into two parts, getting the authorizations needed for a request and submitting them with the request, e.g., su restrictedUser cat <infile >outfile.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
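
The two-step request described in the reply above, as an added example that is not part of the original message: one ACL backs both an ambient check and a check that uses only the authorization submitted with the request. The ACL contents, the principal and file names, and the HMAC tag used to represent an authorization are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed ACL for illustration: (principal, resource) -> allowed operations.
ACL = {
    ("service", "billing.log"): {"write"},
    ("alice", "alice.out"): {"write"},
}
_KEY = secrets.token_bytes(32)  # known only to the reference monitor


class Denied(Exception):
    pass


def _tag(resource, op):
    # Authorization bound to one resource and one operation (assumed format).
    return hmac.new(_KEY, f"{resource}\0{op}".encode(), hashlib.sha256).digest()


def ambient_write(running_as, resource):
    """Ambient: the decision is made from the identity the caller runs as."""
    if "write" not in ACL.get((running_as, resource), set()):
        raise Denied(resource)
    return f"wrote {resource}"


def get_authorization(principal, resource, op):
    """Step 1: consult the ACL once and hand back an authorization."""
    if op not in ACL.get((principal, resource), set()):
        raise Denied(resource)
    return _tag(resource, op)


def designated_write(resource, authorization):
    """Step 2: the decision uses only what is submitted with the request."""
    if not hmac.compare_digest(_tag(resource, "write"), authorization):
        raise Denied(resource)
    return f"wrote {resource}"


def service_ambient(client_named_path):
    # The service runs as "service"; its own ACL entries apply to every request.
    return ambient_write("service", client_named_path)


def service_designated(client_named_path, client_authorization):
    # The service forwards only the authorization the client supplied.
    return designated_write(client_named_path, client_authorization)
```

With the same ACL, `service_ambient("billing.log")` succeeds on the service's own entry no matter which client named the path, while `service_designated` accepts a path only when the matching authorization arrives with the request.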