[cap-talk] "ambient authority" on wiki.erights.org

David-Sarah Hopwood david-sarah at jacaranda.org
Mon Jun 15 14:38:00 EDT 2009


David Wagner wrote:
> Rob Meijer wrote:
>> After this, we need to look at some border cases that apparently are
>> subject to different interpretation with respect to if they should be
>> classified as ambient authority or not:
>>
>> A Static authority (as in static authority carrying variables in OO)
>> B Authority through ambient available proxies.
>> C Authority through designating proxy permission to a proxy with ambient
>>  authority.
> 
> Thanks for these helpful examples.  If I got a choice, I'd want
> A and B to be included as examples of the anti-pattern, but not C.

I agree, I think that trying to make the definition include transitive
use of ambient authority via proxies is not very helpful. The "ambient"
concept is about individual requests (or about APIs that require or
encourage ambient requests).

If some subject S makes ambient requests, then that is liable to
result in it being confusable. If that confusability is exploited and
then other subjects rely on S, they may do the wrong thing as a result
of S's confusion, but they are not directly confusable by the problem
that we are discussing.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com
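
Added illustration, not part of the original message: a Python model of the distinction drawn above, in which a deputy S that resolves a caller-supplied path with its own authority (an ambient request) is confused into overwriting its billing log, while a downstream subject that reads that log through an explicit capability is misled by S yet makes no ambient request itself. All class names, function names and paths are constructed for the example.

```python
# Added illustration; every name and path below is constructed, not from the thread.
# Python does not enforce encapsulation, so FileCap only models an unforgeable reference.

def fresh_fs():
    return {"/home/alice/out.txt": "", "/svc/billing.log": "job\njob\n"}

class FileCap:
    """Designation and authority bundled: reaches exactly one file."""
    def __init__(self, fs, path):
        self._fs, self._path = fs, path
    def read(self):
        return self._fs[self._path]
    def write(self, data):
        self._fs[self._path] = data
    def append(self, data):
        self._fs[self._path] += data

class AmbientDeputy:
    """S: turns a caller-supplied name into a write using S's own authority."""
    def __init__(self, fs):
        self._fs = fs
    def compile(self, source, out_path):
        self._fs["/svc/billing.log"] += "job\n"
        self._fs[out_path] = "compiled:" + source   # ambient request

class CapDeputy:
    """S rewritten: writes only through the capability the caller hands over."""
    def __init__(self, billing_cap):
        self._billing = billing_cap
    def compile(self, source, out_cap):
        self._billing.append("job\n")
        out_cap.write("compiled:" + source)

def billed_jobs(billing_cap):
    """A subject relying on S. It holds an explicit capability and makes no
    ambient request, yet reports whatever S left in the log."""
    return billing_cap.read().count("job\n")

def scenario_ambient():
    fs = fresh_fs()
    AmbientDeputy(fs).compile("src", "/svc/billing.log")  # caller names S's file
    return billed_jobs(FileCap(fs, "/svc/billing.log"))

def scenario_capability():
    fs = fresh_fs()
    billing = FileCap(fs, "/svc/billing.log")
    CapDeputy(billing).compile("src", FileCap(fs, "/home/alice/out.txt"))
    return billed_jobs(billing), fs["/home/alice/out.txt"]
```

In the ambient scenario the relying subject reports 0 jobs instead of 3: it does the wrong thing because S was confused, not because it was confusable itself.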
