[cap-talk] "ambient authority" on wiki.erights.org

Rob Meijer capibara at xs4all.nl
Wed Jun 17 13:27:12 EDT 2009


On Wed, June 17, 2009 19:06, Karp, Alan H wrote:
> Rob Meijer wrote:
>
>> > Whether or not permissions are shared is orthogonal to whether or not they
>> > are ambient.
>>
>> Not 'shared', 'shared implicitly'. I hope we can at least agree that the
>> essence of why ambient authority is a problem (regardless of the specifics
>> of the definition), lies in the fact that it is implicitly shared
>> authority.
>>
> I have read and write permission to two files, A and B.  Nobody else has
> permission to read or write these files.  When I say copy(A,B), I am not
> designating which of my rights to use for each argument.  The rights are
> not shared, implicitly or otherwise, but they are ambient.

If A and B are names, then your rights will need to be shared implicitly
between you and copy in order for copy to succeed; you use a name as the only
way to designate the objects to which you and copy share authority, that is
therefore ambient.

If A and B are named references to file objects that carry their own
(excessive) permissions to both read and write the file, then the
authority is, given that you only needed to delegate A:read and B:write,
only excessive authority, not ambient authority.
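
The three cases discussed in this exchange, as an added example that is not part of the original message: copy given names, copy given read/write references, and copy given exactly A:read and B:write. It assumes POSIX file descriptors as a stand-in for "references to file objects"; the function names and sample file contents are hypothetical.

```python
import fcntl
import os
import tempfile

def copy_by_name(src_path, dst_path):
    # Names only: copy opens the paths itself, so it succeeds only by
    # using the caller's own rights to whatever those names resolve to.
    with open(src_path, "rb") as src, open(dst_path, "wb") as dst:
        dst.write(src.read())

def copy_by_handle(src_fd, dst_fd):
    # References: copy can use only the authority the handles carry.
    while chunk := os.read(src_fd, 4096):
        os.write(dst_fd, chunk)

def rights(fd):
    # Report the access mode carried by the handle itself.
    mode = fcntl.fcntl(fd, fcntl.F_GETFL) & os.O_ACCMODE
    return {os.O_RDONLY: {"read"}, os.O_WRONLY: {"write"},
            os.O_RDWR: {"read", "write"}}[mode]

def demo():
    result = {}
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample files standing in for A and B.
        a_path, b_path = os.path.join(d, "A"), os.path.join(d, "B")
        for p, data in ((a_path, b"contents of A"), (b_path, b"old B")):
            with open(p, "wb") as f:
                f.write(data)
        # Excessive authority: both handles carry read and write.
        a = os.open(a_path, os.O_RDWR)
        b = os.open(b_path, os.O_RDWR | os.O_TRUNC)
        result["excessive"] = (rights(a), rights(b))
        copy_by_handle(a, b)
        os.close(a); os.close(b)
        # Least authority: exactly A:read and B:write are delegated.
        a = os.open(a_path, os.O_RDONLY)
        b = os.open(b_path, os.O_WRONLY | os.O_TRUNC)
        result["least"] = (rights(a), rights(b))
        copy_by_handle(a, b)
        try:
            os.write(a, b"x")  # a copy that tried to modify A
            result["a_writable"] = True
        except OSError:
            result["a_writable"] = False
        os.close(a); os.close(b)
        with open(b_path, "rb") as f:
            result["b"] = f.read()
    return result
```
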




