From: chris hibbert <>
Date: Sun, 01 Dec 2002 19:25:44 -0800
Subject: Re: [e-lang] Commentary on Wallach's "Extensible Security Architectures for Java"

MarkM responded to (one of) Jonathan's criticism of Ping's paper:
 > If there's a bi-directional bit channel between Bob and Mallet, then
 > Bob *cannot* be prevented from delegating his authority over the
 > power to Mallet, since he can set up a laundry (or proxy) within
 > himself that accepts instructions from Mallet about how to employ
 > the power.

And Jonathan answered:
 > True, but not relevant. The question was can bob *transfer*
 > authority, not can bob perform a de facto delegation of
 > authority.

Jonathan: read Ping's words again.  He said "communicating conspirators 
cannot be prevented from delegating authority in any system".   As I 
read Ping's comments, that's exactly what he meant.  I don't think 
there's any reasonably charitable interpretation of Ping's words using 
the concept of "transfer" rather than "launder" for which we'd expect 
Ping to be able to defend a claim that something "can't be prevented in 
any system."   He must have meant that Bob can always ensure that 
Mallet's wishes will be carried out as long as Bob has authority, and 
Bob and Mallet can communicate. shap

Currently reading:  Mancur Olsen, Power and Prosperity;
      Judea Pearl, Probabilistic Reasoning in Intelligent
      Systems; Michael Gear, The Artifact

Chris Hibbert

e-lang mailing list