
Re: Clever delegation ??

At 2:52 PM -0800 4/4/97, Carl Ellison wrote:
>At 10:22 PM 4/2/97 -0800, Bill Frantz wrote:
>>I think it depends on whether the items in the tag grant authority or
>>remove it.  Consider composing the tags (ftp /pub/ftp/foo) and (ftp
>>/pub/ftp/foo R/O).  I believe that the method you suggest would reduce this
>>to (ftp /pub/ftp/foo) which just might allow the holder to replace foo.
>>It is issues like this which need to be made clear so people don't shoot
>>themselves in the foot.
>This is an important point, Bill.
>We have been assuming that any tag which is permitted to acquire parameters
>(append or insert, in Ron's terminology) is reduced thereby.  That is,
>each parameter is a limitation.
>Can you think of a good example where an additional parameter might increase
>authority?  If so, I would like to use it in the next draft.

If you model the UNIX file system in a cert, (and borrowing heavily from
the above example), you might be tempted to generate certs that named a
particular file and then gave access rights to it (R, W, A, R A, R W, R W
X, etc.)  In this case, each of the parameters adds to the set of
authorized actions.  As Franco Papacella <franco@goldnet.ch> points out, if
the combiner does an intersection, we get the correct results.

I think that it is correct to say, if the parameter increases the
privilege, then the combiner must do an intersection.  If the parameter
reduces the privilege, as when the R/O parameter is added to limit the
authorization to Read Only access, then the combiner needs to do a union.

Bill Frantz       | I have taken a real job at | Periwinkle -- Consulting
(408)356-8506     | Electric Communities as a  | 16345 Englewood Ave.
frantz@netcom.com | capability security guru.  | Los Gatos, CA 95032, USA
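
An added example, not part of the original message or of any SPKI draft: a small Python model of the combiner rule stated in the message above, next to the all-intersection combiner that loses the R/O limit. The (service, path, params) tuple layout, the GRANTING/LIMITING classification, the function names and the /home/user/notes path are assumptions made for illustration.

```python
GRANTING = frozenset({"R", "W", "A", "X"})  # each parameter adds an authorized action
LIMITING = frozenset({"R/O"})               # each parameter removes authority


def _check(params):
    unknown = params - GRANTING - LIMITING
    if unknown:
        # Fail closed: a parameter of unknown kind cannot be combined safely.
        raise ValueError(f"unclassified parameters: {sorted(unknown)}")


def combine(a, b):
    """Combine two tags (service, path, params) from one delegation chain."""
    _check(a[2])
    _check(b[2])
    if a[:2] != b[:2]:
        return None  # different service or object: nothing is held in common
    granted = a[2] & b[2] & GRANTING   # keep only rights both tags grant
    limits = (a[2] | b[2]) & LIMITING  # keep every limit either tag imposes
    return (a[0], a[1], granted | limits)


def naive_intersection(a, b):
    """Intersect every parameter regardless of kind (the foot-gun)."""
    if a[:2] != b[:2]:
        return None
    return (a[0], a[1], a[2] & b[2])


# Constructed sample tags, following the two examples in the thread.
FOO = ("ftp", "/pub/ftp/foo", frozenset())
FOO_RO = ("ftp", "/pub/ftp/foo", frozenset({"R/O"}))
FILE_RW = ("file", "/home/user/notes", frozenset({"R", "W"}))
FILE_RA = ("file", "/home/user/notes", frozenset({"R", "A"}))

if __name__ == "__main__":
    print(combine(FOO, FOO_RO))             # R/O survives
    print(naive_intersection(FOO, FOO_RO))  # R/O is dropped
    print(combine(FILE_RW, FILE_RA))        # only R is common to both
```
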