Hank Beaver

REVISED:

ACL, privilege , permission system based on sum of exponents. {REVISED: sum of square exponents from 2 and including 1} Huh?

A little theory:

Look at this NOW: Masking

Idea/Premise:

I present the automatic bar tender. It makes sure people of age get served beverages and also people who have partial liver failure only get beer.

RULES:
Everyone has a number on their driver’s license. It’s a single number that can’t be forged (please assume this). it’s easy to read and easy to carry. The automatic bartender can read this simply by scanning your license. Let’s call it your “Permission Number”:

Permission Number Examples

List of possible drinks, these numbers are all square exponents of 2 and including
————————
1 Drink Water
2 Drink Soda
4 Drink Beer
8 Drink Gin

The sum of all permission numbers in binary might be represented as:

00001111

Permission numbers for our test subjects. These are created by SUMming the permission numbers.
———————
Sara:
1 Drink Water
+ 4 Drink Beer
+ 8 Drink Gin
————
Permission Number = 13 (00001101)

Fun Bobby:
+ 4 Drink Beer
+ 8 Drink Gin
————
Permission Number = 12 (00001100)

Underage Kid:
+ 1 Drink Water
+ 2 Drink Soda
————–
Permission Number = 3 (00000011)

Ok now that the example people have their numbers. Let’s play fun. The math is really simple. Because each drink permission is subject to masking, I can tell by your single permission number what drinks you can drink.

Ordering Drinks Example(paste into irb for fun!):

#!/usr/bin/ruby
class Rbar_Tender  #rbar_tender.rb

########################################
# The bartender. He's actually very stupid.
########################################
def self.order_drink(drink_permission,person_permission)

response = "Talk to the manager, I can't serve you now."
if (person_permission.to_i & drink_permission.to_i) > 0
response =  "here's your drink, thanks for your business."
end
return response
end
end #end of class

#basic permissions
drink_water = 1 #0001b
drink_soda = 2 #0010b
drink_beer = 4 #0100b
drink_gin = 8 #1000b

#people's permissions
sara_permission = 13 #1101 #assigned during walking into bar with ID.

#open for business
puts "sara wants a beer..."

#drink_beer.to_i & sara_permission.to_i
puts Rbar_Tender.order_drink(drink_beer,sara_permission)

puts "\n...a minutes later....\n\n"

puts "sara wants a soda..."
#drink_soda.to_i & sara_permission.to_i
puts Rbar_Tender.order_drink(drink_soda,sara_permission)

What is your point Hank? Well, in applications and web applications in particular, you need lot’s of permissions to do stuff. I mean literally dozens or hundreds of unique permissions:
*Login to your account.
*Delete pictures.
*Email a friend.

When someone wants to do something, you check that persons own record if they have access. Below are some examples of permissions you might have to look up each time for each person (NOTE looking this up takes time and resources), I’ve included a 2 exponent example beside it:

HAS_LOGIN_ACCESS (64)
HAS_DELETE_PICTURE_ACCESS (256)
HAS_EMAIL_FRIEND_ACCESS (1024)
HAS_ABILITY_TO_INVADE_IRAQ (73,786,976,295,000,000,000)

——
But wouldn’t it be cooler and use a lot less typing to have a single number, say for me 19. And magically b/c of math, we know what you are permitted to do. No database look ups for each time you need to do something. Your number IS what you can do. And each time you do an ACTION, that action has it’s permission number.

UPDATE: 7/21/2007

The above idea does have one limitation. DUH! The permission numbers grow exponentially as we add permissions. Simply having 66 permissions creates the huge number for HAS_ABILITY_TO_INVADE_IRAQ above. So I will explore something like TCP with a series of 8 or 16 bit binaries and do XOR on those instead. So the above permissions would be like so:

HAS_LOGIN_ACCESS (1000010)
HAS_DELETE_PICTURE_ACCESS (100000000)
HAS_EMAIL_FRIEND_ACCESS (10000000000)…

H