[cap-talk] Definition of Authentication on wiki.erights.org

Mark Miller erights at gmail.com
Tue Sep 8 08:48:44 PDT 2009


On Tue, Sep 8, 2009 at 1:48 AM, Matej Kosik<kosik at fiit.stuba.sk> wrote:
> Rob Meijer wrote:
>>
>> I fail to see any concrete difference between subjects and principals in
>> that your definition of a principal seems to align with what I would
>> consider a subject.
>
> The term `subject' already has one meaning. There is no confusion. For
> our context, I have tried to recapture it here:
>
> http://wiki.erights.org/wiki/Subject%2C_object%2C_operation_and_permission
>
> If you run a Linux machine, you are a principal (or in fact several
> principals). The processes that run on your behalf are subjects. Files
> are objects. There are few principals here but quite many subjects.


The definitions in section 8.1 of my thesis are:

# By subject we mean the finest-grain unit of computation on a given
# system that may be given distinct direct access rights. Depending on
# the system, this could be anything from: all processes run by a given
# user account, all processes running a given program, an individual
# process, all instances of a given class, or an individual instance.

On Unix as conventionally conceived (where we don't think of
possession of a file descriptor as a permission), I would say "all
processes run by a given user account" are a subject. I don't see the
basis for assigning subject-hood at finer granularity within that
system. Given the standard perspective on what is a Unix permission (and
ignoring setuid), there is no access control distinction among the
processes run under a given account, just as there is none among the
objects run within a given process.

This doesn't mean that principals necessarily == subjects. Horton
treats individual objects as subjects and "Who"s as principals. I
would find natural terminology such that, under Horton, individual
objects are authorized (for proactive POLA purposes) but large
collections of objects (all those operating as a given Who) are
authenticated (for reactive revocation purposes).

-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM
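The two subject granularities contrasted in the message above, as an added toy model that is not part of the original thread, of Horton, or of any erights.org code: in the Unix-style model the user account is the subject, so two processes with the same uid have identical rights regardless of pid (setuid ignored, as in the message); in the Horton-like model each object is its own subject and is authorized individually, while the "Who" it operates as is the principal, so revoking a Who strips every object acting as that Who at once. The ACL contents, object ids and Who names are constructed sample data, and `HortonLikeModel` is a simplification assumed for illustration, not the Horton protocol itself.

```python
"""Toy access-control models for the subject/principal distinction.

Constructed example: not code from erights.org, Horton, or the thesis quoted
above. Unix model: subject = user account. Horton-like model: subject =
individual object, principal = the "Who" the object operates as.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed Unix-style ACL: path -> {uid: permitted operations}.
UNIX_ACL = {
    "/etc/passwd": {0: {"read", "write"}, 1000: {"read"}},
    "/home/alice/notes": {1000: {"read", "write"}},
}


@dataclass(frozen=True)
class Process:
    pid: int
    uid: int  # setuid is ignored, as in the message


def unix_allowed(proc: Process, path: str, op: str) -> bool:
    """Only the uid (the account) decides; the pid is not a subject boundary."""
    return op in UNIX_ACL.get(path, {}).get(proc.uid, set())


def unix_rights(proc: Process) -> dict[str, set[str]]:
    """Every operation this process may perform, keyed by path."""
    return {
        path: {op for op in ("read", "write") if unix_allowed(proc, path, op)}
        for path in UNIX_ACL
    }


class HortonLikeModel:
    """Simplified, assumed model: per-object authorization, per-Who revocation."""

    def __init__(self) -> None:
        self.who_of: dict[str, str] = {}            # object id -> Who it acts as
        self.grants: dict[str, set[tuple[str, str]]] = {}  # object id -> {(target, op)}

    def register(self, obj_id: str, who: str) -> None:
        """An object is authenticated as operating on behalf of `who`."""
        self.who_of[obj_id] = who
        self.grants.setdefault(obj_id, set())

    def grant(self, obj_id: str, target: str, op: str) -> None:
        """Proactive POLA: rights are granted to one object, not to its Who."""
        self.grants[obj_id].add((target, op))

    def allowed(self, obj_id: str, target: str, op: str) -> bool:
        return (target, op) in self.grants.get(obj_id, set())

    def revoke_who(self, who: str) -> int:
        """Reactive revocation at principal granularity.

        Every object authenticated as `who` loses all of its rights;
        returns the number of (target, op) grants removed.
        """
        removed = 0
        for obj_id, w in self.who_of.items():
            if w == who:
                removed += len(self.grants[obj_id])
                self.grants[obj_id] = set()
        return removed


def demo() -> tuple[bool, bool, int, bool, bool]:
    """Returns (unix_same, horton_distinct, revoked, bob_keeps, alice_lost)."""
    # Unix: two processes under uid 1000 are indistinguishable to access control.
    p1, p2 = Process(pid=101, uid=1000), Process(pid=202, uid=1000)
    unix_same = unix_rights(p1) == unix_rights(p2)

    # Horton-like: two objects acting as the same Who may hold different rights.
    m = HortonLikeModel()
    m.register("objA", who="alice")
    m.register("objB", who="alice")
    m.register("objC", who="bob")
    m.grant("objA", "file1", "read")
    m.grant("objB", "file2", "write")
    m.grant("objC", "file1", "read")
    horton_distinct = m.allowed("objA", "file1", "read") and not m.allowed(
        "objB", "file1", "read"
    )

    # Revoking the principal "alice" hits objA and objB together; bob's objC is untouched.
    revoked = m.revoke_who("alice")
    return (
        unix_same,
        horton_distinct,
        revoked,
        m.allowed("objC", "file1", "read"),
        m.allowed("objA", "file1", "read"),
    )


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the point of the message in data: the Unix model cannot tell `pid 101` from `pid 202`, whereas the Horton-like model gives `objA` and `objB` distinct rights yet still revokes both in one step because they share a Who.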

