http://50.77.162.165/mediawiki/index.php?feed=atom&target=Clandau&title=Special%3AContributionsErights - User contributions [en]2026-04-25T20:22:37ZFrom ErightsMediaWiki 1.15.5-7http://50.77.162.165/wiki/Ambient_authorityAmbient authority2009-06-11T23:04:31Z<p>Clandau: Restore credit to coiners</p>
<hr />
<div>== Draft Definition ==<br />
<br />
A [[subject]] may have several different [[permission]]s. '''Ambient authority''' is authority that can be used without having to identify which specific permission is required. In an ambient authority system, when a subject requests an action (typically by naming an object and an operation on that object), the action is allowed if the subject has any permission for the action. <br />
<br />
In contrast, in a designated authority system, a subject explicitly identifies a subset (usually one) of its permissions, and the action is allowed only if permitted by that subset of permissions. <br />
<br />
In an ambient authority system, often there is no way to identify a specific permission, so there is no concept of having different permissions. <br />
<br />
== Comment ==<br />
<br />
Several access control models were invented and implemented to enable restriction of ambient authority of subjects. Many of them are:<br />
* either weak (we cannot follow the [[POLA|principle of least authority]])<br />
* or convoluted (it is hard to learn how to work with this model and be sure about [[authority]] of subjects).<br />
Things become more "interesting" if we have to consider different security policies enforced via different alternative security mechanisms for the same type of objects and for different type of objects and the relevant transitivity relationship.<br />
<br />
== Examples of ambient authority ==<br />
<br />
All UNIX processes run by some user have ''ambient authority'' to manipulate all files owned by that user.<br />
<br />
All UNIX processes have ''ambient authority'' to listen to TCP or UDP ports 1024--65535.<br />
<br />
All UNIX processes have ''ambient authority'' to send any signal to any other UNIX process.<br />
<br />
== Acknowledgement ==<br />
<br />
The term ''ambient authority'' was coined by Dean Tribble and Mark S. Miller.</div>Clandauhttp://50.77.162.165/wiki/Ambient_authorityAmbient authority2009-06-11T22:04:40Z<p>Clandau: Completely replace the definition</p>
<hr />
<div>== Draft Definition ==<br />
<br />
A [[subject]] may have several different [[permission]]s. '''Ambient authority''' is authority that can be used without having to identify which specific permission is required. In an ambient authority system, when a subject requests an action (typically by naming an object and an operation on that object), the action is allowed if the subject has any permission for the action. <br />
<br />
In contrast, in a designated authority system, a subject explicitly identifies a subset (usually one) of its permissions, and the action is allowed only if permitted by that subset of permissions. <br />
<br />
In an ambient authority system, often there is no way to identify a specific permission, so there is no concept of having different permissions. <br />
<br />
== Comment ==<br />
<br />
Several access control models were invented and implemented to enable restriction of ambient authority of subjects. Many of them are:<br />
* either weak (we cannot follow the [[POLA|principle of least authority]])<br />
* or convoluted (it is hard to learn how to work with this model and be sure about [[authority]] of subjects).<br />
Things become more "interesting" if we have to consider different security policies enforced via different alternative security mechanisms for the same type of objects and for different type of objects and the relevant transitivity relationship.<br />
<br />
== Examples of ambient authority ==<br />
<br />
All UNIX processes run by some user have ''ambient authority'' to manipulate all files owned by that user.<br />
<br />
All UNIX processes have ''ambient authority'' to listen to TCP or UDP ports 1024--65535.<br />
<br />
All UNIX processes have ''ambient authority'' to send any signal to any other UNIX process.</div>Clandau