[cap-talk] "ambient authority" on wiki.erights.org

[Rob Meijer]

On Fri, June 12, 2009 18:04, Karp, Alan H wrote:
> Rob Meijer wrote:
>>
>> Although I feel this definition captures most of what I would consider
>> ambient authority, I feel the focus is not quite placed right by
>> focusing
>> on the wielding of authority rather than on through what the authority
>> was
>> obtained, what I feel would be the essence of the difference with
>> designated authority.  The point that the thing wielding the authority
>> derives this authority from a source (like class type or uid) that is a
>> non private but yet unalienatable implicit part of its construction.
>>
> I disagree.  Whether authorities are ambient or not has nothing to do with
> how they are granted, only with how they are used to make an access
> decision.

If that is the case, than the term ambient authority seems misleading.

If I try to simply decompose and analyze the term 'ambient authority' I
would come to the following:

Ambient : of the surrounding area or environment (that is not private)
Authority : can do something directly or indirectly

To me, the combination of the two reads like : "Those things a subject can
do directly or indirectly by virtue of something that is of the
surrounding area or environment". Does this come close to how you parse
the term 'ambient authority'?

Expanding on this interpretation, any authority that flows from
permissions or references that reside within or are bound to an implicitly
shared (non private) resource or name space would be authority that I
would interpret as 'of the surrounding area or environment', and thus as
ambient authority.

In what you define as ambient authority, the term 'ambient' seems to me to
be a property of the permissions rather than of the authority.



Rob