[cap-talk] "ambient authority" on wiki.erights.org
Karp, Alan H
alan.karp at hp.com
Mon Jun 15 19:06:59 EDT 2009
David-Sarah Hopwood wrote:
> >> The dereference of the static variable represents use of ambient authority.
> > No it doesn't. The object is referenced explicitly.
> The object dereferenced by name, from a global namespace (assuming
> we are considering global static variables), without specifying any
> additional permission that grants the authority to dereference this
Normally, holding a reference to an object allows you to invoke any method of the object. Are you saying that there is some external mechanism that decides which methods the requesting object has permission to invoke? I've seen that for external resources, such as files, but not for an object reference.
The object is dereferenced by a lambda name, e.g., a program variable. That name just happens to be in the namespace of every object, but it's still just an object reference.
> There is no essential difference between this and the fopen+fread example:
> in both cases you have an ambient dereferencing operation, followed by a
> non-ambient use of the obtained reference.
The difference is that the static variable is a reference to an object within the running program. The fopen/fread example refers to resources outside the program, specifically files, and an interaction with the operating system.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
More information about the cap-talk