[e-lang] A PictureBook of Secure Cooperation

Fred Spiessens fsp at info.ucl.ac.be
Tue Mar 29 04:04:00 EST 2005

Hi Marc,

Very nice work, thanks.
Some remarks:

- The Yin/Yang slide is good!

- about slide 4:
The Revoker holds only the power to revoke; it can be given to people 
who are not trusted with the actual file authority.
You probably mean: The Revoker holds only the power to revoke. The 
revokable forwarder is given to people who are not trusted with 
everlasting authority to the actual file.

For an audience that is new to capabilities, I have experienced that 
revocation by dropping access can be confusing in a way: it looks as if 
authority is only influenced by permission which could in the reader's 
mind be done with ACLs. Your slide is meant to show the nice property 
of composition: make a revokable forwarder from a revoker and a 
forwarder. That is important too, but I suggest you mention the fact 
that authority can be reduced in another way too: by reducing the 
effect of exerting a permission without even touching the access graph 
(or the access control matrix in the reader's mind).

I have a similar remark on slide 3: the faceting is done exactly via 
the lines of the methods. That is simple and should probably be the way 
to introduce faceting anyway. But being the only example, this can lead 
to a false idea of facets being composed by predefined orthogonal 
atomic entities (methods). That allows people to keep thinking the ACL 
way: they see you refine the reference monitor they are thinking about 
to the method level: as J2EE allows. An alternative facet could combine 
reading and writing, but writing in a restricted way (e.g. only adding 
well formatted data), and reading restricted to yesterday's news. That 
would be an example of authority reduction in which the facet actually 
uses (needs) the complete authority of the file, but provides only 
partial authority: a facet actively reducing authority.

Hope this is useful,


On 28 Mar 2005, at 21:03, Stiegler, Marc D wrote:

> In the ongoing process of building more introductory materials for
> different audiences, I have constructed a simple PictureBook of Secure
> Cooperation. You can find it at
> http://www.skyhunter.com/marcs/SecurityPictureBook.ppt
> The cap-talk and e-lang folk will not learn anything new from this
> presentation; however, it may be useful as a reference for people you
> are trying to bring into the community. It has the merit of being a very
> fast read (it is, after all, a picture book :-), and tries more to point
> people in the direction of our way of thinking about things, than about
> our specific technology (well, there is an appendix with E sample code
> to implement some of the pictures :-)
> --marcs
> _______________________________________________
> e-lang mailing list
> e-lang at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/e-lang
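
The two patterns discussed in the message above, sketched in JavaScript as an added example (it is not code from the post or from the slides' E appendix): a facet that needs the file's complete authority but hands out only restricted appending and reading of yesterday's entries, wrapped in a revocable forwarder whose revocation leaves the holder's reference untouched. The names `makeFile`, `makeNewsFacet` and `makeRevocable`, the in-memory file and the "well formatted" rule are all assumptions made for illustration.

```javascript
// Constructed stand-in for the file: holding it means full read and overwrite authority.
function makeFile() {
  let entries = [];
  return Object.freeze({
    readAll: () => entries.map((e) => ({ ...e })),
    writeAll: (next) => { entries = next.map((e) => ({ ...e })); },
  });
}

// Day before an ISO date (YYYY-MM-DD), computed in UTC.
function dayBefore(iso) {
  return new Date(Date.parse(iso + 'T00:00:00Z') - 86400000).toISOString().slice(0, 10);
}

// Facet that uses the whole file authority internally but hands out only part of it:
// append-only writes of well-formatted entries, and reads limited to yesterday's entries.
// `clock` returns today's ISO date; the format rule is an assumption for this example.
function makeNewsFacet(file, clock) {
  const WELL_FORMED = /^[A-Z][^\n]{0,79}$/;
  return Object.freeze({
    add(text) {
      if (typeof text !== 'string' || !WELL_FORMED.test(text)) throw new Error('malformed entry');
      file.writeAll([...file.readAll(), { day: clock(), text }]);
    },
    readYesterday() {
      const y = dayBefore(clock());
      return file.readAll().filter((e) => e.day === y).map((e) => e.text);
    },
  });
}

// Revoker + forwarder: the holder's reference to the forwarder never changes;
// revocation removes the effect of using it.
function makeRevocable(target) {
  let inner = target;
  const forwarder = {};
  for (const name of Object.keys(target)) {
    forwarder[name] = (...args) => {
      if (inner === null) throw new Error('revoked');
      return inner[name](...args);
    };
  }
  const revoker = Object.freeze({ revoke() { inner = null; } });
  return { forwarder: Object.freeze(forwarder), revoker };
}
```

A holder of `makeRevocable(makeNewsFacet(file, clock)).forwarder` can call `add` and `readYesterday` only; neither `readAll` nor `writeAll` is reachable through it.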
