[cap-talk] "ambient authority" on wiki.erights.org

[David-Sarah Hopwood]

Sam Mason wrote:
> On Fri, Jun 19, 2009 at 06:29:21PM +0100, David-Sarah Hopwood wrote:
>> Sam Mason wrote:
>>> My understanding of ambient authority seem to be predicated on the
>>> following:
>>>
>>>   1) a minimum of three subjects; Ana, Bob and Charlie in this example
>>>
>>>   2) Ana has a designator D that references an object known to Charlie.
>>>      D does not carry authorizing information
> 
> I'm not sure if I was using "designator" correctly here, by designator
> I'm meaning any possible way of identifying an object known to Charlie;
> all the way from human memorable names through password caps to
> protected caps.  Just some way of referring to some object.  Rob has
> used a much stronger definition recently and I'm not sure if there is
> any ambiguity!

You were using it correctly here.

>>>   3) Ana shares D with Bob
>>>
>>>   4) Bob asks Charlie to perform some work on the object designated by D
>>
>> Ana is not essential:
> 
> The only way I can make ambient authority at all rigorous is to have
> three subjects; the reason being that if there are *always* two or less
> subjects then there isn't a problem as we know who is talking to who.

That's wrong. Confusion problems can occur even if everyone knows who
is talking to them; knowing that doesn't help at all.

The main reason it doesn't help is that knowing who is talking to you,
is not sufficient to tell you whether they had the permission that they
are asking you to use.

(Sorry, don't really have time for a more comprehensive response right
now.)

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com