An Initial Response to Schneier’s Access Control Blog

One of the accomplishments of capabilities is to make “information (and access thereto) granular”.
Schneier notes briefly that the need to know is often unforeseen and that access must be granted expeditiously when needed. The main reason for this is delegation. X’s skill or knowledge is required to address some situation. Y, who knows of the situation and of X’s skill and has access to the necessary sensitive data, must quickly grant X access to that data. This is also conditioned on the discretion of X: granting access may be precluded if X is possibly disloyal or merely unable to keep his mouth shut.

X may be a software agent installed in a computer system. In this case, depending on the platform, and on the necessary actions of X to resolve the situation, it may be possible to confine X and thus limit the danger of revealing the sensitive data. Capabilities can do this too.

If Y is also a software agent then access to the sensitive data is presumably held by Y as a capability. General capability systems naturally afford the ability to narrow an authority into a lesser one in the form of another capability. If the required access is mere read access to a small amount of data, then Y may merely copy the data for X.
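
The narrowing described above, as an added example that is not part of the original note: Y holds a read/write capability over a set of records and derives from it a read-only capability limited to the records X needs. Every name here (`makeStore`, `narrow`, `tryRead`, the record keys) is hypothetical, and closures stand in for the protected references of a real capability system.

```javascript
// The full capability: read and write authority over every record.
function makeStore(initial) {
  const records = new Map(Object.entries(initial));
  return Object.freeze({
    read: (key) => records.get(key),
    write: (key, value) => { records.set(key, value); },
    keys: () => [...records.keys()],
  });
}

// Derive a narrower capability from any capability that offers read().
// The result exposes read access to the listed keys only. The wider
// capability lives in the closure and cannot be reached from the result.
function narrow(cap, allowedKeys) {
  const allowed = new Set(allowedKeys);
  return Object.freeze({
    read(key) {
      if (!allowed.has(key)) {
        throw new Error("no authority for " + key);
      }
      return cap.read(key);
    },
    keys: () => cap.keys().filter((k) => allowed.has(k)),
  });
}

// Constructed sample data held by Y.
const yStore = makeStore({
  "incident-42": "db host, failing query",
  "payroll": "salaries",
  "keys/root": "s3cr3t",
});

// Y grants X what the situation needs: read access to two records.
const xCap = narrow(yStore, ["incident-42", "payroll"]);

// X narrows again before delegating to Z. Naming a key that X never
// held gives Z nothing: authority can shrink along the chain, not grow.
const zCap = narrow(xCap, ["incident-42", "keys/root"]);

// Helper for the demonstration: report a refused read as "DENIED".
function tryRead(cap, key) {
  try { return cap.read(key); } catch (e) { return "DENIED"; }
}

console.log(tryRead(xCap, "payroll"), tryRead(xCap, "keys/root"));
console.log(zCap.keys(), tryRead(zCap, "keys/root"), typeof xCap.write);
```

Unlike the copy mentioned above, the narrowed capability is a live reference: a later write by Y to an allowed record is visible to X on the next read.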