[cap-talk] FW: "ambient authority" on wiki.erights.org
Karp, Alan H
alan.karp at hp.com
Fri Jun 12 16:55:45 EDT 2009
Forwarding an inadvertently private conversation.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
> -----Original Message-----
> From: Tony Bartoletti1 [mailto:bartoletti1 at llnl.gov]
> Sent: Friday, June 12, 2009 9:59 AM
> To: Karp, Alan H
> Subject: RE: [cap-talk] "ambient authority" on wiki.erights.org
>
> Hi Alan,
>
> I'm not sure how I lost the list-address in that reply. If there is
> anything useful here feel free to use it, or forward to the list if
> it will service. I really just wanted to get my head around
> "ambience" here. It is a bit slippery. Thanks!
>
> ____tony____
>
>
> At 05:32 PM 6/11/2009, you wrote:
> >(Is there a reason you sent this note privately? It seems
> >appropriate for the full list.)
> >
> >Tony Bartoletti1 wrote:
> > >
> > > I think I get it, but (being a stickler on words and their meanings)
> > > can either of these two sentences be taken as "true" in any meaningful
> > > way?
> > >
> > > 1. I have the authority to delete file X, but not the permission.
> >
> >Yes, if something you have permission to invoke will delete the file
> >if you ask. (Note that the "permission to invoke" part can be
> >repeated many times.)
> >
> > > 2. I have the permission to delete file X, but not the authority.
> > >
> >Not possible. A permission is an authority even though an authority
> >is not a permission.
> >
> > > I simply mean to point out that "permission" and "authority" are
> > > terms specifically "loaded" in this context. Also, (I think) the
> > > cryptographic (or else Swiss Number-like) property of the
> > > "designations" employed here makes it really more than what most
> > > folks would consider (simple) designation to be.
> >
> >I agree that "permission" and "authority" need to be used
> >carefully. Using Swiss numbers implies you are combining
> >designation with permission. (The right word here is "permission"
> >because we are talking about a direct invocation.) Swiss numbers
> >use unguessability as a substitute for unforgeability so that
> >possession (knowledge) of a reference is evidence of the right to
> >invoke. In that sense, a Swiss number is more than just a designation.
> > >
> > > I suspect that (re: Unix) "my membership in group W" indicates an
> > > "authority" I bear (to act with the authority of group W
> > > membership). If file X belongs to group W, and is group-writable, my
> > > attempt/request to "write file X" does not explicitly demonstrate
> > > that "I have the permission", but rather leaves it up to the
> > > requestee (OS) to calculate that the permission "exists in effect",
> > > and the action could be allowed.
> >
> >In that sense, there are no permissions in Unix, just authorities,
> >because the ability to carry out any action depends on the actions
> >of the OS. While that statement is correct, it is perhaps
> >misleading. If I take your approach to its logical conclusion, we
> >could say that I only have permission to influence the flow of some
> >electrons, and everything else is authority. We often abstract away
> >lower levels for clarity. I think this is one such place.
> > >
> > > Is this the essence (or at least, an instance) of "Ambience"? That
> > > the requestee must essentially calculate some intersection and
> > > determine that the request falls inside that intersection?
> >
> >Yes.
> > >
> > > Put another way, your description of ambient authority is based upon
> > > what the "submitter" does (must, need) specify. Could one not also
> > > formulate a definition based upon what the "receiver" of a request
> > > need possess or perform?
> > >
> >I don't think so. The essence of ambient authority is that it is
> >necessarily independent of the specific request being made. I don't
> >see how to express that fact from something the receiver has or does.
> >
> >________________________
> >Alan Karp
> >Principal Scientist
> >Virus Safe Computing Initiative
> >Hewlett-Packard Laboratories
> >1501 Page Mill Road
> >Palo Alto, CA 94304
> >(650) 857-3967, fax (650) 857-7029
> >http://www.hpl.hp.com/personal/Alan_Karp
>
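
The distinctions drawn in the thread above, as an added example that is not part of the original messages: a Unix-style ambient check where the receiver computes whether a permission "exists in effect", next to Swiss-number references where knowledge of the number is the evidence of the right to invoke. All names here (FILES, GROUPS, ambient_delete, SwissRegistry, build_swiss_demo) and the sample data are constructed for illustration.

```python
import hmac
import secrets

# Constructed sample state: file X is group-writable and owned by group W.
FILES = {"X": {"group": "W", "group_writable": True}}
GROUPS = {"alice": {"W"}, "bob": set()}


def ambient_delete(user, name):
    """Ambient check: the request carries only a designation (the name).
    The receiver computes from the caller's identity and group memberships,
    which are the same for every request, whether a permission exists."""
    meta = FILES.get(name)
    if meta is None or not meta["group_writable"]:
        return False
    if meta["group"] not in GROUPS.get(user, set()):
        return False
    del FILES[name]
    return True


class SwissRegistry:
    """Swiss numbers: one unguessable value is both the designation and the
    evidence of the right to invoke. No caller identity is consulted."""

    def __init__(self):
        self._actions = {}

    def export(self, action):
        swiss = secrets.token_urlsafe(32)  # 32 random bytes
        self._actions[swiss] = action
        return swiss

    def invoke(self, swiss):
        for known, action in self._actions.items():
            if hmac.compare_digest(known.encode(), swiss.encode()):
                return action()
        return None  # unknown number: nothing is designated


def build_swiss_demo():
    """Returns (registry, delete_ref, cleanup_ref). The holder of cleanup_ref
    only has permission to invoke cleanup, yet has authority to delete Y,
    because cleanup holds delete_ref and uses it when asked."""
    store = {"Y": b"data"}
    reg = SwissRegistry()
    delete_ref = reg.export(lambda: store.pop("Y", None) is not None)
    cleanup_ref = reg.export(lambda: reg.invoke(delete_ref))
    return reg, delete_ref, cleanup_ref
```

Handing a party only cleanup_ref reproduces sentence 1 from the thread: authority to delete the file without the permission to invoke the delete directly.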