[cap-talk] "ambient authority" on wiki.erights.org

[David Wagner]

Rob Meijer wrote:
> there are actually four possibilities for what ambient authority would
> include:

I wonder if you may be approaching this from the wrong end.  You are
starting with the phrase, and trying to come up with a concept to go
with the name.  That feels backwards to me.

Let me articulate the insight that Dean & Mark had, as I see it.
Their insight was to identify a particular pattern (anti-pattern,
actually) that is common to many systems and is harmful to security.
This was a useful and important concept.  Given that this is an important
concept, it's useful for it have a name.  The specific name chosen is
arguably less important than that it have *a* name.  The concept itself
is more important than the name we use to refer to it.

It sounds like you are starting from the phrase and trying to come up
with a definition of that phrase, trying to decide which definition
seems like it goes best with that phrase.  I'd argue you should be
starting from the concept, since that's the important thing.  The words
"ambient authority" are not of any particular interest in themselves,
apart from the concept/pattern that Dean & Mark identified as important.

If you want to argue that this concept should go under a different name,
well, you're free to.  Personally I think it's a bit late for that at
this point, but you're free to disagree.  But, does it really matter?
A phrase like "ambient authority" isn't going to make any sense to anyone
outside our community until it is explained, anyway, so why does it matter
which mysterious phrase we use for this unfamiliar but important concept?
I'd say "ambient permission" is just as mysterious.