[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: adding/subtracting permissions ??

At 05:45 PM 4/7/97 EDT, Ron Rivest wrote:
>I think the problem you are proposing have little to do with *-forms, and
>arise from the "negative" nature of the authorization.  What does it mean
>to have two certificates:
>	(vacation-not-ok-on (* set Monday Tuesday))
>	(vacation-not-ok-on (* set Monday Wednesday))
>With these certificates, I can take a vacation on any day but Monday!
>But the *-free certificates
>	(vacation-not-ok-on Monday)
>	(vacation-not-ok-on Tuesday)
>	(vacation-not-ok-on Wednesday)
>are also problematic: I can take a vacation any day I like!  The problems
>arise from having multiple certificates (starred or not) that attempt
>to take away privileges, rather than grant them.  
>"Negative authorizations" should just not be used.  Each *-free form
>should grant a specific (positive) authorization.  The *-forms just
>provide a short-hand for granting multiple authorizations at once, but
>don't really introduce any new issues.  

I think these are excellent examples, Ron.

How hard is it going to be to describe negative vs. positive authorizations 
to the average sysadmin who might be defining them?

That's one of the tasks ahead of us.

 - Carl

|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |