[cap-talk] Computer Bill of Rights: (was Re: "ambient authority" on wiki.erights.org)

Karp, Alan H alan.karp at hp.com
Mon Jun 15 13:23:34 EDT 2009 

John Carlson wrote:
> 
> I am skeptical about the use of "permission."  I think we should focus
> on what *rights* a person has on a computer system.  I think our
> concepts of permission derive from our families, like "Are we
> permitted to go to the party?"  "Are we permitted to use the car?"
> "Are we permitted to use the computer?"  If there is a mathematical
> description about it, I would feel more comfortable about its use with
> computers.  Permissions are derived from authorities, namely, our
> parents, educators and the government.  How many times do we sneak out
> to go to the party, break laws  such as the speed limit--do things we
> are not permitted to do?  Is something based on permission really
> secure?  The only authority on the computer appears to be the
> operating system.  The definition of operating system seems to be
> things which run in a certain hardware mode.  Permissions in a typical
> ambient authority operating systems appear to be things wielded to get
> the operating system to do something for you.  I have zero experience
> with capability operating systems, but I would hope that permissions
> would be something granted to you by the operating system, like a
> right.  The difference between a right and a permission appear to be
> that your permissions can be revoked or attenuated, whereas rights
> cannot.  Is it true that we have zero rights on computer systems?
> What rights should users have on a computer?  Like:  the right to know
> how their personal information is being used.  Let's focus on what
> rights users have instead of what permissions, and I think we'll come
> up with a better operating system that everyone will want...the wiki
> is on e*rights*.org, right?  Does anyone want to come up with a
> computer bill of rights?
>
You are using the words "permission" and "authority" in a proper English manner.  However, those are not the definitions appropriate to the discussion at hand, which are those in Paradigm Regained and MarkM's thesis.  

Permission: The set of things you are explicitly allowed to do.  In an ACL system, a permission is embodied as an entry in the ACL for a resource.  In an ocap system, a permission is embodied as an object reference.  Permissions are not always issued or enforced by the operating system.

Authority: The set of things you can cause to happen based on the behavior of things you have permission to invoke, the behavior of things those things have permission to invoke, ...  An example is the authority to read a web page based on your permission to reach the page and the web server's behavior that displays a page the server has permission to read.

The way you are using "right" is also correct, but I believe what you describe is something built out of permissions and authorities.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp

More information about the cap-talk mailing list