[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaandScottSmith of Johns Hopkins)

David Wagner daw@mozart.cs.berkeley.edu
1 Feb 2001 06:13:25 GMT


Jonathan S. Shapiro wrote:
>David Wagner wrote:
>> There's nothing about ACL's that forces you to do all-or-nothing
>> delegation.
>
>In fact, if you look at Lampson's paper "Protection", you'll find that
>there is no operation permitting you to do that at all.

Actually, there is!  See the copy flag (marked with an asterisk).
If subject S has access A to object O, and the access is marked with
the copy flag, then S can give away access A to O to any other subject
S' she likes.  For example, if A is the `read' flag, this allows S to
give away read access to a file she owns without giving away write access.
See Figure 1 of his paper.
http://research.microsoft.com/lampson/09-Protection/Abstract.html

This copy flag stuff seems a bit baroque today to my eyes, but provision
was already there in the original Lampson paper for delegation.