DBpedia – Linked Data Fragments

Matches in DBpedia 2015-10 for { <http://dbpedia.org/resource/Ambient_authority> ?p ?o }

• Ambient_authority abstract "Ambient authority is a term used in the study of access control systems.A subject, such as a computer program, is said to be usingambient authority if it only needs to specify the namesof the involved object(s) and the operation to be performed on themin order for a permitted action to succeed. In this definition, a "name" is any way of referring to an object that does not itself include authorising information, and could potentially be used by any subject; an action is "permitted" for a subject if there exists any request that that subject could make that would cause the action to be carried out.The authority is "ambient" in the sense that it exists in a broadlyvisible environment (often, but not necessarily a global environment)where any subject can request it by name.For example, suppose a C program opens a file for read access by executing the call: open("filename", O_RDONLY, 0)The desired file is designated by its name on the filesystem,which does not by itself include authorising information, so the programis exercising ambient authority.When ambient authority is requested, permissions are granted or deniedbased on one or more global properties of the executing program,such as its identity or its role.In such cases,the management of access control is handled separatelyfrom explicit communicationto the executing program or process,through means such as access control lists associated with objectsor through Role-Based Access Control mechanisms.The executing program has no means to reify the permissionsthat it was granted for a specific purpose as first-class values.So, if the program should be able to access an object when acting onits own behalf but not when acting on behalf of one of its clients (or, onbehalf of one client but not another), it has no way to expressthat intention. This inevitably leads to such programsbeing subject to the Confused deputy problem.The term "ambient authority" is used primarilyto contrast with capability-based security (including object-capability models),in which executing programs receive permissionsas they might receive data, as communicated first-class object references.This allows them to determine where the permissions came from,and thus avoid the Confused deputy problem. However, since thereare additional requirements for a system to be considered a capability system besides avoiding ambient authority,"non-ambient authority system" is not just a synonym for "capability system".Ambient authorityis the dominant form of access controlin computer systems today.The user model of access controlas used in Unix and in Windows systemsis an ambient authority modelbecause programs executewith the authorities of the user that started them.This not only means that executing programsare inevitably given more permissions(see Principle of least privilege)than they need for their task,but that they are unable to determinethe source or the number and types of permission that they have.A program executing under an ambient authority access control modelhas little option but to designate permissionsand try to exercise them, hoping for the best.This property requires an excess of permissionsto be granted to users or roles,in order for programs to execute without error.".
• Ambient_authority wikiPageID "9022539".
• Ambient_authority wikiPageLength "4413".
• Ambient_authority wikiPageOutDegree "14".
• Ambient_authority wikiPageRevisionID "660084562".
• Ambient_authority wikiPageWikiLink Access_control.
• Ambient_authority wikiPageWikiLink Access_control_list.
• Ambient_authority wikiPageWikiLink Capability-based_security.
• Ambient_authority wikiPageWikiLink Category:Access_control.
• Ambient_authority wikiPageWikiLink Category:Computer_security.
• Ambient_authority wikiPageWikiLink Confused_deputy_problem.
• Ambient_authority wikiPageWikiLink First-class_citizen.
• Ambient_authority wikiPageWikiLink First-class_object.
• Ambient_authority wikiPageWikiLink First-class_value.
• Ambient_authority wikiPageWikiLink Object-capability_model.
• Ambient_authority wikiPageWikiLink Principle_of_least_privilege.
• Ambient_authority wikiPageWikiLink Process_(computing).
• Ambient_authority wikiPageWikiLink Reification_(computer_science).
• Ambient_authority wikiPageWikiLink Role-Based_Access_Control.
• Ambient_authority wikiPageWikiLink Role-based_access_control.
• Ambient_authority wikiPageWikiLinkText "Ambient authority".
• Ambient_authority hasPhotoCollection Ambient_authority.
• Ambient_authority wikiPageUsesTemplate Template:Object-capability_security.
• Ambient_authority wikiPageUsesTemplate Template:Reflist.
• Ambient_authority subject Category:Access_control.
• Ambient_authority subject Category:Computer_security.
• Ambient_authority hypernym Term.
• Ambient_authority type Area.
• Ambient_authority type Article.
• Ambient_authority type Area.
• Ambient_authority type Article.
• Ambient_authority comment "Ambient authority is a term used in the study of access control systems.A subject, such as a computer program, is said to be usingambient authority if it only needs to specify the namesof the involved object(s) and the operation to be performed on themin order for a permitted action to succeed.".
• Ambient_authority label "Ambient authority".
• Ambient_authority sameAs m.027tv1y.
• Ambient_authority sameAs Q4741424.
• Ambient_authority sameAs Q4741424.
• Ambient_authority wasDerivedFrom Ambient_authority?oldid=660084562.
• Ambient_authority isPrimaryTopicOf Ambient_authority.