Ambient authority

From Erights

(Difference between revisions)
(Clarify first definition)
Line 1: Line 1:
== Draft Definition ==
== Draft Definition ==
-
A [[subject]] may have several different [[permission]]s. '''Ambient authority''' is authority that can be used without having to identify which specific permission is required. In an ambient authority system, when a subject requests an action (typically by naming an object and an operation on that object), the action is allowed if the subject has any permission for the action.  
+
A [[subject]] may have several different [[permission]]s. '''Ambient authority''' is authority that can be used without having to identify which specific permission is intended. In an ambient authority system, when a subject requests an action (typically by naming an object and an operation on that object), the action is allowed if the subject has any permission that would allow the action.a
In contrast, in a designated authority system, a subject explicitly identifies a subset (usually one) of its permissions, and the action is allowed only if permitted by that subset of permissions.  
In contrast, in a designated authority system, a subject explicitly identifies a subset (usually one) of its permissions, and the action is allowed only if permitted by that subset of permissions.  
-
In an ambient authority system, often there is no way to identify a specific permission, so there is no concept of having different permissions.  
+
In an ambient authority system, often there is no way to identify a specific permission, so there is no concept of having different permissions.
== Examples of ambient authority ==
== Examples of ambient authority ==
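Review bot: the added first paragraph ends with a stray character, "that would allow the action.a"; drop the trailing "a" so the sentence ends at "action." The wording changes themselves ("required" to "intended", "any permission for the action" to "any permission that would allow the action") match the edit summary. The second changed paragraph shows no visible wording change, so it looks like a whitespace-only edit.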

Revision as of 06:10, 12 June 2009

Draft Definition

A subject may have several different permissions. Ambient authority is authority that can be used without having to identify which specific permission is intended. In an ambient authority system, when a subject requests an action (typically by naming an object and an operation on that object), the action is allowed if the subject has any permission that would allow the action.

In contrast, in a designated authority system, a subject explicitly identifies a subset (usually one) of its permissions, and the action is allowed only if permitted by that subset of permissions.

In an ambient authority system, often there is no way to identify a specific permission, so there is no concept of having different permissions.
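
The two checks side by side, as an added example that is not part of the original page: a small Python model of a reference monitor that decides the same request under ambient and under designated authority. The class names, the `service` subject and the file paths are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    """One permission: a set of operations allowed on one object."""
    obj: str
    ops: frozenset

    def allows(self, obj, op):
        return obj == self.obj and op in self.ops

@dataclass
class Subject:
    name: str
    permissions: list

def ambient_check(subject, obj, op):
    """Ambient authority: allowed if ANY held permission allows the action."""
    return any(p.allows(obj, op) for p in subject.permissions)

def designated_check(subject, designated, obj, op):
    """Designated authority: the subject names the permissions it intends to
    use; only that subset is consulted, and each one must actually be held."""
    held = [p for p in designated if p in subject.permissions]
    return any(p.allows(obj, op) for p in held)

# Constructed scenario: a service holds two permissions for different purposes.
OWN_LOG = Permission("/var/log/service.log", frozenset({"write"}))
CLIENT_OUT = Permission("/home/alice/out.txt", frozenset({"write"}))
service = Subject("service", [OWN_LOG, CLIENT_OUT])

def demo():
    """Return (ambient, designated) decisions for two write requests made
    while acting for the client, i.e. intending to use only CLIENT_OUT."""
    results = {}
    for target in ("/home/alice/out.txt", "/var/log/service.log"):
        results[target] = (
            ambient_check(service, target, "write"),
            designated_check(service, [CLIENT_OUT], target, "write"),
        )
    return results

if __name__ == "__main__":
    for target, (amb, des) in demo().items():
        print(f"{target}: ambient={amb} designated={des}")
```

The write to the service's own log succeeds under the ambient check because some held permission allows it, while the designated check refuses it because the permission the service said it was using does not cover that object.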

Examples of ambient authority

All UNIX processes run by some user have ambient authority to manipulate all files owned by that user.

All UNIX processes have ambient authority to listen to TCP or UDP ports 1024–65535.

All UNIX processes have ambient authority to send any signal to any other UNIX process.

Acknowledgement

The term ambient authority was coined by Dean Tribble and Mark S. Miller.
