[e-lang] A PictureBook of Secure Cooperation
fsp at info.ucl.ac.be
Tue Mar 29 04:04:00 EST 2005
very nice work, thanks.
- The Yin/Yang slide is good!
- about slide 4:
The Revoker holds only the power to revoke; it can be given to people
who are not trusted with the actual file authority.
You probably mean: The Revoker holds only the power to revoke. The
revokable forwarder is given to people who are not trusted with
everlasting authority to the actual file.
For an audience that is new to capabilities, I have experienced that
revocation by dropping access can be confusing in a way: it looks as if
authority is only influenced by permission which could in the reader's
mind be done with ACLs. Your slide is meant to show the nice property
of composition: make a revokable forwarder from a revoker and a
forwarder. That is important too, but I suggest you mention the fact
that authority can be reduced in another way too: by reducing the
effect of exerting a permission without even touching the access graph
(or the access control matrix in the reader's mind).
I have a similar remark on slide 3: the faceting is done exactly via
the lines of the methods. That is simple and should probably be the way
to introduce faceting anyway. But being the only example, this can lead
to a false idea of facets being composed by predefined orthogonal
atomic entities (methods). That allows people to keep thinking the ACL
way: they see you refine the reference monitor they are thinking about
to the method level: as J2EE allows. An alternative facet could combine
reading and writing, but writing in a restricted way (e.g. only adding
well formatted data), and reading restricted to yesterday's news. That
would be an example of authority reduction in which the facet actually
uses (needs) the complete authority of the file, but provides only
partial authority: a facet actively reducing authority.
hope this is useful,
On 28 Mar 2005, at 21:03, Stiegler, Marc D wrote:
> In the ongoing process of building more introductory materials for
> different audiences, I have constructed a simple PictureBook of Secure
> Cooperation. You can find it at
> The cap-talk and e-lang folk will not learn anything new from this
> presentation; however, it may be useful as a reference for people you
> are trying to bring into the community. It has the merit of being a
> fast read (it is, after all, a picture book :-), and tries more to
> people in the direction of our way of thinking about things, than about
> our specific technology (well, there is an appendix with E sample code
> to implement some of the pictures :-)
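The two kinds of authority reduction contrasted in the reply above, as an added example that is not part of the original thread or of the PictureBook: a revocable forwarder composed from a forwarder and a revoker, wrapped around a facet that holds the whole file authority but provides only restricted appends and reads of yesterday's news. It is written in JavaScript rather than E; the names `makeNewsFile`, `makeNewsFacet` and `makeRevocable`, the `today` clock and the "well formatted" rule are assumptions made for illustration.

```javascript
'use strict';

// Constructed stand-in for "the file": full authority over dated entries.
function makeNewsFile() {
  const entries = []; // { date: 'YYYY-MM-DD', text }
  return Object.freeze({
    write(date, text) { entries.push({ date, text }); },
    overwrite(i, text) { entries[i].text = text; },
    readAll() { return entries.map((e) => ({ ...e })); },
  });
}

// Facet that holds the file's complete authority but provides only part of it:
// append-only writes of well-formatted data, reads limited to yesterday.
// "Well formatted" (one capitalised line ending in a full stop) is an assumption.
function makeNewsFacet(file, today) { // today() returns 'YYYY-MM-DD'
  const yesterday = () => {
    const t = new Date(today() + 'T00:00:00Z');
    t.setUTCDate(t.getUTCDate() - 1);
    return t.toISOString().slice(0, 10);
  };
  return Object.freeze({
    add(text) {
      if (typeof text !== 'string' || !/^[A-Z][^\n]{0,79}\.$/.test(text)) {
        throw new TypeError('rejected: not well-formatted');
      }
      file.write(today(), text);
    },
    readYesterday() {
      const day = yesterday();
      return file.readAll().filter((e) => e.date === day).map((e) => e.text);
    },
  });
}

// Revocable forwarder composed from a forwarder and a revoker. revoke() drops
// the forwarder's reference to the target; holders keep the forwarder itself.
function makeRevocable(target) {
  let t = target;
  const forwarder = new Proxy(Object.create(null), {
    // Look the method up at call time so a cached method dies on revoke too.
    get: (_, name) => (...args) => {
      if (t === null) throw new Error('revoked');
      return t[name](...args);
    },
  });
  const revoker = Object.freeze({ revoke() { t = null; } });
  return { forwarder, revoker };
}
```

The facet never changes which references exist: it reduces what exerting them can do. The revoker does the opposite, removing one edge of the access graph while leaving the facet's behaviour untouched.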