On Fri, Jul 4, 2014 at 1:26 PM, Matt Oliveri <[email protected]> wrote:
> On Fri, Jul 4, 2014 at 3:16 PM, Jonathan S. Shapiro <[email protected]> wrote:
> > Ah! We're hung up on the distinction between permission and authority.
>
> Really? Is it that important to distinguish the two? What I ultimately
> care about is authority, and whether I analyze that in terms of
> permissions or with more general-purpose semantic techniques shouldn't
> matter.

The part that's important is getting it into the programmer's head that choosing the interface specifications in a way that yields the right transitive reflexive closure of reachable operations is the essence of interface-based security. Since that TRC is (by definition) the difference between permission and authority, yes, it's an important thing to consider.

And yes, it's a static approximation to controls you might do with more general semantic techniques, but my experience is that the more general techniques are both hard to explain and hard to understand. In the right place, sure. But the simplest answers to manage are going to be the conservative ones, because they are simpler to explain.

shap
_______________________________________________
bitc-dev mailing list
[email protected]
http://www.coyotos.org/mailman/listinfo/bitc-dev
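
An added example, not part of the original message: a small Python model of the distinction discussed above, treating permission as the operations directly invocable on held capabilities and authority as the transitive reflexive closure over the capabilities those operations may return. The interface names and the spec format are hypothetical and constructed for illustration.

```python
# Constructed interface specs. Each interface maps an operation name to the
# interface of the capability that operation may return (None = data only).
LOOSE = {
    "Directory": {"lookup": "File", "list": None},
    "File": {"read": None, "write": None, "get_owner": "Account"},
    "ReadOnlyFile": {"read": None},
    "Account": {"debit": None, "balance": None},
}
# Same system, but lookup now hands out an attenuated capability.
TIGHT = dict(LOOSE, Directory={"lookup": "ReadOnlyFile", "list": None})


def permission(specs, held):
    """Operations directly invocable on the capabilities a subject holds."""
    return {(iface, op) for iface in held for op in specs[iface]}


def authority(specs, held):
    """Transitive reflexive closure of reachable operations.

    Conservative static approximation: any capability an operation *may*
    return is assumed to be obtained, whatever happens at run time.
    """
    seen, work = set(), list(held)
    while work:
        iface = work.pop()
        if iface in seen:
            continue
        seen.add(iface)
        work.extend(r for r in specs[iface].values() if r is not None)
    return {(iface, op) for iface in seen for op in specs[iface]}


def excess(specs, held, intended):
    """Reachable operations the interface designer did not intend to grant."""
    return authority(specs, held) - set(intended)


if __name__ == "__main__":
    held = {"Directory"}
    intended = {("Directory", "lookup"), ("Directory", "list"),
                ("ReadOnlyFile", "read"), ("File", "read")}
    for name, specs in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, "permission:", sorted(permission(specs, held)))
        print(name, "excess authority:", sorted(excess(specs, held, intended)))
```

With the loose specs, holding only a `Directory` capability reaches `Account.debit`; changing the return type of one operation removes that reach without any run-time check.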
