[cap-talk] erights wiki : ambient authority
David-Sarah Hopwood
david-sarah at jacaranda.org
Mon Jun 15 12:21:54 EDT 2009
Matej Kosik wrote:
> David-Sarah Hopwood wrote:
>> Matej Kosik wrote:
>>> I have still doubts concerning the article:
>>> http://wiki.erights.org/wiki/Ambient_authority
>>>
>>> What is relationship between:
>>> - ambient authority systems
>>> - systems where protection is made by ACLs.
>>> Aren't they defined in the same way?
>>
>> No, not at all. [...]
>> The fact that very little of the possible access control design space
>> has actually been effectively explored in popular systems, shouldn't
>> limit us to considering just that explored space when defining terminology.
>
> I am not sure at the moment that I can imagine also those other options.
> Is it indeed impossible to find their concrete instances?
The Iguana API in L4 is a concrete example of an ambient request API that
does not use ACLs:
<http://www.disy.cse.unsw.edu.au/Software/Iguana/>
It has been discussed previously on this list:
<http://www.eros-os.org/pipermail/cap-talk/2005-May/thread.html#3631>.
(That whole thread is worth re-reading, I think.)
> Even though the article is still incomplete (namely the text that
> follows the definition) I think it makes sense to further simplify the
> quoted definition:
> http://wiki.erights.org/wiki/Ambient_authority
> The definition simply defines what is `ambient authority' and does not
> define different terms.
>
> Is the definition correct in this shorter form?
Yes, this is much better.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
More information about the cap-talk
mailing list