[E-Lang] E FAQ

Tue, 16 Oct 2001 10:03:54 -0700

At 04:55 AM 10/16/2001 Tuesday, Jonathan S. Shapiro wrote:
>First, such controls are entirely discretionary. If the code can be
>compromised, the compromised program has full access to the expanded
>authority set. Least privilege is a mandatory control.

At 04:58 AM 10/16/2001 Tuesday, Jonathan S. Shapiro wrote:
>Otherwise, the decision to perform a rescind only makes sense in two cases:
>
>    1. When volitionally destroying an object
>    2. When enforcing a mandatory policy as above.

Could you explain, in our object-oriented way of speaking (rather than 
Orange book or Common Criteria), what is meant (or what you mean) by 
mandatory vs discretionary?  I've thought I've understood it at times, but 
then often I see usage that says I got it wrong.  Thanks.

The Ode reflects what I've thought I've understood, but may be confused.  On 
http://www.erights.org/elib/capability/ode/overview.html#perspective-game it 
says:

>Recall the three conditions needed for Bob to receive a reference to Carol 
>from Alice. The first two conditions [that Alice have a reference to Carol, 
>and that Alive have a reference to Bob] are constraints on the possible 
>moves available to Alice (and so correspond to mandatory security). The 
>third condition is that Alice must choose to make this move (and so 
>corresponds to discretionary security).

Was I confused?

        Cheers,
        --MarkM