[cap-talk] Definition of Authentication on wiki.erights.org
Rob Meijer
capibara at xs4all.nl
Tue Sep 8 03:30:15 PDT 2009
On Tue, September 8, 2009 10:48, Matej Kosik wrote:
> Rob Meijer wrote:
>>
>> I fail to see any concrete difference between subjects and principles in
>> that your definition of a principle seems to align with what I would
>> consider a subject.
>
> The term `subject' already has one meaning. There is no confusion. For
> our context, I have tried to recapture it here:
>
> http://wiki.erights.org/wiki/Subject%2C_object%2C_operation_and_permission
I fully agree with this definition here, sounds much like how David-Sarah
describes a principle though.
> If you run a Linux machine, you are a principal (or in fact several
> principals). The processes that run on your behalf are subjects. Files
> are objects. There are few principals here but quite many subjects.
So if I understand correctly, principles only exist at a very course
granularity, and it is just the granularity that determines if an active
object is a subject or a principle? Or are all principles subjects?
In the later case I think using the granularity independent term subject
would be preferable, as using different names for the same abstraction at
different levels of granularity is moving things in exactly the opposite
direction of what we should want it to move. That is, we should try to
define all terms in a granularity independent way as to allow solutions to
problems found at one granularity level to be applied to an other
granularity level without a requirement for a change in vocubulary.
If I misunderstand this (what I probably have, for David-Sarah's
discussion really and truly confuses me at this moment), could you please
explain how a principle differs from a subject, other than at what
granularity level it is defined, and from that difference, how that
difference is relevant to the concept of authentication?
I currently don't really see why 'subject authentication' would not fit
all examples we have seen that fit 1), or why it would include examples
that you would not want to include in a definition. Could you and/or
David-Sarah please elaborate on this?
More information about the cap-talk
mailing list