Ambient authority
From Erights
Revision as of 09:23, 10 July 2009
The correct interpretation of this page relies on a proper interpretation of the words: subject, object, operation and permission.
Definition
IF a subject requests an action, typically by naming an object and an operation on that object, and the action is allowed because the subject has a permission that would allow the action, THEN we say that the subject has ambient authority.
Notes concerning the definition
Instead of "naming" an object, the capability community often uses the term "designation" of an object.
Whether a given subject has ambient authority is determined solely by HOW operations are allowed or denied. It is independent of WHAT PERMISSIONS the subject actually has. This matters for the term excess authority.
The difference between an ambient authority system and a designated authority system is that:
- in the first case subjects, when they request some operation on some object, do not have to specify the permission that allows the given operation on the given object;
- in the latter case subjects, when they request some operation on some object, have to specify (designate) the permission that allows the given operation on the given object.
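The difference between the two request styles, modelled as an added example (not part of the original page): the subject holds the same permissions in both systems, and only how a request is authorised changes. The names Permission, Subject, ambient_request and designated_request, and the sample objects, are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    obj: str        # object the permission refers to
    operation: str  # operation it allows on that object

    def allows(self, obj: str, operation: str) -> bool:
        return self.obj == obj and self.operation == operation

@dataclass
class Subject:
    name: str
    permissions: frozenset  # WHAT the subject holds; identical in both systems

def ambient_request(subject: Subject, obj: str, operation: str) -> bool:
    """Ambient authority: the request names only the object and the operation.
    The system searches everything the subject holds for a match."""
    return any(p.allows(obj, operation) for p in subject.permissions)

def designated_request(subject: Subject, obj: str, operation: str,
                       permission: Permission) -> bool:
    """Designated authority: the request must specify the permission.
    Only that permission is consulted; others the subject holds are ignored."""
    return permission in subject.permissions and permission.allows(obj, operation)

# Constructed sample data (hypothetical objects and subject).
READ_CONFIG = Permission("config", "read")
WRITE_LOG = Permission("log", "write")
WRITE_PASSWD = Permission("passwd", "write")  # deliberately not held by alice
alice = Subject("alice", frozenset({READ_CONFIG, WRITE_LOG}))

def demo() -> dict:
    return {
        "ambient_write_log": ambient_request(alice, "log", "write"),
        "ambient_not_permitted": ambient_request(alice, "passwd", "write"),
        "designated_right_permission":
            designated_request(alice, "log", "write", WRITE_LOG),
        "designated_wrong_permission":
            designated_request(alice, "log", "write", READ_CONFIG),
        "designated_unheld_permission":
            designated_request(alice, "passwd", "write", WRITE_PASSWD),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```

The "designated_wrong_permission" case is the instructive one: alice holds a permission that would allow the write, yet the request is denied because the permission she specified does not cover it.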
See also
Examples of ambient authority
All UNIX processes run by some user have ambient authority to manipulate all files owned by that user.
All UNIX processes have ambient authority to listen to TCP or UDP ports 1024--65535.
All UNIX processes have ambient authority to send any signal to any other UNIX process.
Acknowledgement
The term ambient authority was coined by Dean Tribble and Mark S. Miller.