[cap-talk] Definition of Authentication on wiki.erights.org
Matej Kosik
kosik at fiit.stuba.sk
Thu Sep 10 22:48:33 PDT 2009
Rob Meijer wrote:
> On Tue, September 8, 2009 10:48, Matej Kosik wrote:
>> Rob Meijer wrote:
>>> I fail to see any concrete difference between subjects and principles in
>>> that your definition of a principle seems to align with what I would
>>> consider a subject.
>> The term `subject' already has one meaning. There is no confusion. For
>> our context, I have tried to recapture it here:
>>
>> http://wiki.erights.org/wiki/Subject%2C_object%2C_operation_and_permission
>
> I fully agree with this definition here, sounds much like how David-Sarah
> describes a principle though.
>
>> If you run a Linux machine, you are a principal (or in fact several
>> principals). The processes that run on your behalf are subjects. Files
>> are objects. There are few principals here but quite many subjects.
>
> So if I understand correctly, principles only exist at a very coarse
> granularity, and it is just the granularity that determines if an active
> object is a subject or a principle?
This will be a dumb question: why do you use the word `principle' when I
used `principal'?
For me, the difference between the two terms:
- subject
- principal
is simple. It does not make sense to try to authenticate subjects but it
makes sense to authenticate principals.
Although I would not immediately reject the idea that `principals' are
a special case of `subjects'.
Does this make sense to you?
------------------------------
My viewpoint does not cover well situations where designers are
forcefully trying to convert all subjects to (authenticable) principals
because otherwise they are unable to enforce security policies over them
due to their wish to use IBAC at a fine level. I do not consider this as
a problem if our vocabulary does not cover that because that is a broken
approach. It is good to be aware of it but our (my) vocabulary should
not attract us (me) to that way of thinking.
Does this make sense to you?
For example that funky experiment:
http://altair.fiit.stuba.sk/mediawiki/index.php/Backwater
(a set of relatively trivial kernels currently without any user-space
support) is full of subjects but there is no principal. At most, I can be
viewed as a principal who authored that system (I can digitally sign it
and give away and others can recognize that indeed, given kernel was
issued by me and they can blame me for breaking their computer :) ).
> Or are all principles subjects?
The answer is a matter of agreement but I would consciously like to
avoid that equation. That is my wish.
I leave the rest uncommented because below you pursue meaning that is
above discouraged.
> In the latter case I think using the granularity independent term subject
> would be preferable, as using different names for the same abstraction at
> different levels of granularity is moving things in exactly the opposite
> direction of what we should want it to move. That is, we should try to
> define all terms in a granularity independent way as to allow solutions to
> problems found at one granularity level to be applied to another
> granularity level without a requirement for a change in vocabulary.
>
> If I misunderstand this (what I probably have, for David-Sarah's
> discussion really and truly confuses me at this moment), could you please
> explain how a principle differs from a subject, other than at what
> granularity level it is defined, and from that difference, how that
> difference is relevant to the concept of authentication?
>
> I currently don't really see why 'subject authentication' would not fit
> all examples we have seen that fit 1), or why it would include examples
> that you would not want to include in a definition. Could you and/or
> David-Sarah please elaborate on this?
>
--
Matej Kosik