[cap-talk] erights wiki : ambient authority

[David Chizmadia]

I think there is an issue that isn't clear in the current definition on
the erights wiki: specifically, the role of the trusted access control
infrastructure (TACI) in selecting and presenting the access
permission.

My personal definitions look something like:

Object - An Actor that accepts requests for access to data or
computation that it controls..

Subject - An Actor that presents an access request to a Target.

Ambient Authority:: Authorization for an access request that is
*computed by the trusted access control infrastructure* - with
no intervention or input by the Subject - using information in
some combination of the Subject and Target execution contexts.

Designated (or Explicit?) Authority: Authorization for an access
request that is *specifically selected by the Subject* from a list
of authorizations available to the Subject and presented as an
explicit part of the access request.

-DMC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.eros-os.org/pipermail/cap-talk/attachments/20090615/9ba0e54b/attachment.html