Ambient authority is a term used in the study of access control systems. A subject, such as a computer program, is said to be using ambient authority if it only needs to specify the names of the involved object(s) and the operation to be performed on them in order for a permitted action to succeed. In this definition, The authority is "ambient" in the sense that it exists in a broadly visible environment (often, but not necessarily a global environment) where any subject can request it by name. For example, suppose a C program opens a file for read access by executing the call:
| Attributes | Values |
|---|
| rdfs:label
| - Ambient authority (en)
- 环境权限 (zh)
|
| rdfs:comment
| - Ambient authority is a term used in the study of access control systems. A subject, such as a computer program, is said to be using ambient authority if it only needs to specify the names of the involved object(s) and the operation to be performed on them in order for a permitted action to succeed. In this definition, The authority is "ambient" in the sense that it exists in a broadly visible environment (often, but not necessarily a global environment) where any subject can request it by name. For example, suppose a C program opens a file for read access by executing the call: (en)
- 环境权限(英文:Ambient Authority)是系统访问控制研究中的术语。当主体(比如某个计算机程序或Linux上的某个用户)指明它需要的客体(Object,比如某一文件)的名称和它将要对该客体执行的动作(Operation,比如“复制”)便可以完成该动作的时候,我们称该主体使用了环境权限。 在“环境权限”的定义中: 1.
* 客体的“名称”指的是可被任何主体使用的某一客体的唯一标识符,这一“名称”本身不包含它所指代的客体的权限信息。(举例来说,有一客体名为“foo.txt”,主体“root”拥有权限“rwx”,名称指的就是“foo.txt”,并不包含权限“rwx”); 2.
* 一个由主体发起的动作“获得许可(或称“可以完成”)”指的是该主体能够提出任何一种能够完成该动作的请求。(举例来说,主体“root”具有“foo.txt”的“r”权限,那么当主体提出“r foo.txt”的时候能够完成“r”的动作,我们说主体的“r”动作获得了许可) “环境权限”存在于“广泛的可见空间(比如全局环境变量)”,也就是说任何主体都可以通过名称请求它并完成动作。 下面是一个C程序通过open程序调用来完成读取文件的操作: open(“filename”,O_RDONLY, 0) (zh)
|
| dcterms:subject
| |
| Wikipage page ID
| |
| Wikipage revision ID
| |
| Link from a Wikipage to another Wikipage
| |
| sameAs
| |
| dbp:wikiPageUsesTemplate
| |
| has abstract
| - Ambient authority is a term used in the study of access control systems. A subject, such as a computer program, is said to be using ambient authority if it only needs to specify the names of the involved object(s) and the operation to be performed on them in order for a permitted action to succeed. In this definition,
* a "name" is any way of referring to an object that does not itself include authorising information, and could potentially be used by any subject;
* an action is "permitted" for a subject if there exists any request that that subject could make that would cause the action to be carried out. The authority is "ambient" in the sense that it exists in a broadly visible environment (often, but not necessarily a global environment) where any subject can request it by name. For example, suppose a C program opens a file for read access by executing the call: open("filename", O_RDONLY, 0) The desired file is designated by its name on the filesystem, which does not by itself include authorising information, so the program is exercising ambient authority. When ambient authority is requested, permissions are granted or denied based on one or more global properties of the executing program, such as its identity or its role. In such cases, the management of access control is handled separately from explicit communication to the executing program or process, through means such as access control lists associated with objects or through Role-Based Access Control mechanisms. The executing program has no means to reify the permissions that it was granted for a specific purpose as first-class values. So, if the program should be able to access an object when acting on its own behalf but not when acting on behalf of one of its clients (or, on behalf of one client but not another), it has no way to express that intention. This inevitably leads to such programs being subject to the confused deputy problem. The term "ambient authority" is used primarily to contrast with capability-based security (including object-capability models), in which executing programs receive permissions as they might receive data, as communicated first-class object references. This allows them to determine where the permissions came from, and thus avoid the Confused deputy problem. However, since there are additional requirements for a system to be considered a capability system besides avoiding ambient authority, "non-ambient authority system" is not just a synonym for "capability system". Ambient authority is the dominant form of access control in computer systems today. The user model of access control as used in Unix and in Windows systems is an ambient authority model because programs execute with the authorities of the user that started them. This not only means that executing programs are inevitably given more permissions (see Principle of least privilege) than they need for their task, but that they are unable to determine the source or the number and types of permission that they have. A program executing under an ambient authority access control model has little option but to designate permissions and try to exercise them, hoping for the best. This property requires an excess of permissions to be granted to users or roles, in order for programs to execute without error. (en)
- 环境权限(英文:Ambient Authority)是系统访问控制研究中的术语。当主体(比如某个计算机程序或Linux上的某个用户)指明它需要的客体(Object,比如某一文件)的名称和它将要对该客体执行的动作(Operation,比如“复制”)便可以完成该动作的时候,我们称该主体使用了环境权限。 在“环境权限”的定义中: 1.
* 客体的“名称”指的是可被任何主体使用的某一客体的唯一标识符,这一“名称”本身不包含它所指代的客体的权限信息。(举例来说,有一客体名为“foo.txt”,主体“root”拥有权限“rwx”,名称指的就是“foo.txt”,并不包含权限“rwx”); 2.
* 一个由主体发起的动作“获得许可(或称“可以完成”)”指的是该主体能够提出任何一种能够完成该动作的请求。(举例来说,主体“root”具有“foo.txt”的“r”权限,那么当主体提出“r foo.txt”的时候能够完成“r”的动作,我们说主体的“r”动作获得了许可) “环境权限”存在于“广泛的可见空间(比如全局环境变量)”,也就是说任何主体都可以通过名称请求它并完成动作。 下面是一个C程序通过open程序调用来完成读取文件的操作: open(“filename”,O_RDONLY, 0) 在程序调用过程中,程序仅仅指明了目标文件的文件名,此文件名不包含任何的权限信息,也就是说C程序无法从此文件名中获得权限信息。在这个语境中,权限信息存在于环境中,这也就是我们所说的“环境权限”。 (zh)
|
| gold:hypernym
| |
| prov:wasDerivedFrom
| |
| page length (characters) of wiki page
| |
| foaf:isPrimaryTopicOf
| |
| is Link from a Wikipage to another Wikipage
of | |
| is Wikipage redirect
of | |
| is foaf:primaryTopic
of | |
![[RDF Data]](/fct/images/sw-rdf-blue.png)
![[cxml]](/fct/images/cxml_doc.png)
![[csv]](/fct/images/csv_doc.png)
![[text]](/fct/images/ntriples_doc.png)
![[turtle]](/fct/images/n3turtle_doc.png)
![[ld+json]](/fct/images/jsonld_doc.png)
![[rdf+json]](/fct/images/json_doc.png)
![[rdf+xml]](/fct/images/xml_doc.png)
![[atom+xml]](/fct/images/atom_doc.png)
![[html]](/fct/images/html_doc.png)