access control projects


From: don@sabotage.org
Subject: access control projects
Date: Sat, 26 Jun 1999 05:13:45 +0200 (CEST)

Next Article (by Subject): Re: access control projects ao@morpork.shnet.org (A. Ott)
Previous Article (by Subject): 1.0.9a-pre4 ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: access control projects ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Recently there has been increased interest in using different access control
mechanisms. Capabilities have gotten quite a bit of press lately, and I know
that there was once an ACL project. I'm starting a project to implement
Domain and Type enforcement. It occurs to me that with so many projects working
in essentially the same area of the kernel it would be a good idea to have
a site to collaborate, and also explain the differences in access control
systems to interested parties. I know that the RSBAC project in my opinion is
the furthest along, so I would like to solicit your cooperation.

Additionally, since you're already familiar with the operation of some
important pieces of the linux kernel (the workings of the open() call, for
example) I would appreciate if you'd be willing to share your knowledge to
help with the project I'm working on, Domain and Type Enforcement. It works
by grouping subjects into domains, objects into types, and assigning access
rights from domains to types and also domains to domains. The access
permissions are not visible to the programs, but are enforced subtancially
as a mandatory control with a few qualifications. 

The server I'll be using is already set up and I'll be ready to announce it
soon as a configurable access control effort. I just wanted to get other
people's take on this, especially from a project as far along as RSBAC. I
think by working together though we'll have a better change of getting common
interfaces or changes accepted, such as getting changes made in the inode
structure. I'm already on the RSBAC mailing list so there's no need to cc me.

Don
-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): Re: access control projects ao@morpork.shnet.org (A. Ott)
Previous Article (by Subject): 1.0.9a-pre4 ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: access control projects ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.