Authority is what matters. Historically, permissions have been the lamppost: the key isn’t there, but the light of formal analysis shines brighter. Many of the damaging myths are founded in this misdirection of attention.

Mark Miller

We have adopted “authority” to refer to those actions that a program, operating in some environment, can take to acquire information or change the state of things outside itself. The more restrictive term “permissions” refers to just those steps immediately allowed by the primitive protection mechanisms. The authority of a program describes what it is possible for the program to do as it acts, according to its permissions, to change things including its permissions. These acts may also include calling other programs, permissions allowing, to acquire information, change state and change permissions. This is roughly the transitive closure of what is allowed by the permission mechanisms and their state.

We use “authority” as a technical term taken from ordinary usage. As we use it we hope that the analogy is appropriate, but mutatis mutandis, as with all metaphors. In common usage when we say that a bank president has the authority to terminate a bank customer, we do not mean that he knows the detailed key-strokes to do so, nor even that he knows the password necessary to enable those key-strokes, but he knows who does know and how to contact that person and convey instructions to do so.

It the bank’s computers run Unix then there will be no permissions bits describing such authority, but there may be a password tantamount to such authority. If the computers run a capability platform, then there is likely to be a capability in the system that conveys just this cancelation authority to whatever program holds that capability. In this situation I think that the metaphor is very close.

In common usage “authority” usually means that certain actions are deemed appropriate by those with such authority. The deemers, in this case, may be law authorities, some enterprise, or the public at large. In these cases there is probably no technical means to immediately prevent unauthorized steps. This would seem to be the case with Leeson of Barings bank or just last week Kerviel of Société Générale. The meaning shift in our usage of “authority” emphasizes computer mechanisms to match possible actions with authorized actions.

Perhaps we need a modifier to the word “authority” for contexts where the word might be taken to refer to some meaning which is conventional and contradictory to what we intend. “Ordinary authority” might do. I do not propose to avoid the term; metaphors, such as “memory”, are powerful and useful in the computer context.