[cap-talk] "ambient authority" on wiki.erights.org

Karp, Alan H alan.karp at hp.com
Mon Jun 15 19:06:59 EDT 2009

David-Sarah Hopwood wrote:

> >> The dereference of the static variable represents use of ambient authority.
> >>
> > No it doesn't.  The object is referenced explicitly.
> The object dereferenced by name, from a global namespace (assuming
> we are considering global static variables), without specifying any
> additional permission that grants the authority to dereference this
> variable.
Normally, holding a reference to an object allows you to invoke any method of the object.  Are you saying that there is some external mechanism that decides which methods the requesting object has permission to invoke?  I've seen that for external resources, such as files, but not for an object reference.

The object is dereferenced by a lambda name, e.g., a program variable.  That name just happens to be in the namespace of every object, but it's still just an object reference.  
> There is no essential difference between this and the fopen+fread example:
> in both cases you have an ambient dereferencing operation, followed by a
> non-ambient use of the obtained reference.
The difference is that the static variable is a reference to an object within the running program.  The fopen/fread example refers to resources outside the program, specifically files, and an interaction with the operating system.

Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029

More information about the cap-talk mailing list