[cap-talk] Definition of Authentication on wiki.erights.org

[Mark Miller]

On Mon, Sep 21, 2009 at 12:48 AM, Rob Meijer <capibara at xs4all.nl> wrote:
> On Mon, September 21, 2009 06:34, Karp, Alan H wrote:
>> Rob Meijer wrote:
>>>
>>> When describing access control mechanisms I currently use a 10
>>> granularity
>>> levels:
>>>
>>> 1) Object method/facet granularity
>>> 2) Object granularity
>>> 3) Class granularity
>>> 4) Package granularity
>>> 5) Process granularity
>>> 6) Persistent process granularity
>>> 7) Account granularity/ program granularity
>>> 8) Person granularity/program author granularity
>>> 9) Company granularity/ Organization granularity
>>> 10) Society granularity/ culture granularity.
>>>
>> These are useful categories when talking about access control mechanisms,
>> but I was talking about the access control process.  There is overlap
>> between these two, but they are not the same.
>>
>
> Do you feel the access control 'process' (and more importantly its
> terminology) is in some way locked to specific levels of granularity and
> thus carries terminology that can not meaningfully be transposed to other
> levels of granularity?
>
> I feel there is a lot of merit in trying to always use and define
> terminology mechanisms and processes in such a way that it is granularity
> neutral, so that patterns or solutions at one set of granularities can
> easily be transposed to a different set of granularities without any
> linguistic and thus without any mental barriers that let os think about
> different granularities using different sets of abstractions.

+1. I think the granularity neutral approach is important. It was
essential to arrive at common descriptions of OS-based caps,
language-based caps, crypto-based caps, and cap-based GUIs.



> Rob
>
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
>



-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM