[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Clever delegation ??
At 2:52 PM -0800 4/4/97, Carl Ellison wrote:
>At 10:22 PM 4/2/97 -0800, Bill Frantz wrote:
>>I think it depends on whether the items in the tag grant authority or
>>remove it. Consider composing the tags (ftp /pub/ftp/foo) and (ftp
>>/pub/ftp/foo R/O). I believe that the method you suggest would reduce this
>>to (ftp /pub/ftp/foo) which just might allow the holder to replace foo.
>>
>>It is issues like this which need to be made clear so people don't shoot
>>themselves in the foot.
>
>This is an important point, Bill.
>
>We have been assuming that any tag which is permitted to acquire parameters
>(append or insert, in Ron's terminology) is reduced thereby. That is,
>each parameter is a limitation.
>
>Can you think of a good example where an additional parameter might increase
>authority? If so, I would like to use it in the next draft.
If you model the UNIX file system in a cert, (and borrowing heavily from
the above example), you might be tempted to generate certs that named a
particular file and then gave access rights to it (R, W, A, R A, R W, R W
X, etc.) In this case, each of the parameters adds to the set of
authorized actions. As Franco Papacella <franco@goldnet.ch> points out, if
the combiner does an intersection, we get the correct results.
I think that it is correct to say, if the parameter increases the
privilege, then the combiner must do an intersection. If the parameter
reduces the privilege, as when the R/O parameter is added to limit the
authorization to Read Only access, then the combiner needs to do an union.
-------------------------------------------------------------------------
Bill Frantz | I have taken a real job at | Periwinkle -- Consulting
(408)356-8506 | Electric Communities as a | 16345 Englewood Ave.
frantz@netcom.com | capability security guru. | Los Gatos, CA 95032, USA
References: