Re: Plans with RSBAC

From: Vadim Kogan <vadim@scam.XCF.Berkeley.EDU>
Subject: Re: Plans with RSBAC
Date: Thu, 7 Oct 1999 10:16:07 -0700 (PDT)

Next Article (by Date): Re: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Maint / non-maint dependency in ACL ao@morpork.shnet.org (A. Ott)
Top of Thread: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]

On 7 Oct 1999, A. Ott wrote:

> I currently plan to add or change the following (in time order):
> 
> - Add ACL groups:

Sounds good to me so far. With the only problem that current ACL and
future rights need to be analyzed for orthogonality (can't come up with a
better word, but you know what I mean)

> 
> - Do we need ACL menu tools, or are the command line tools sufficient?

Yes, we do. And I hope I'll have time to help with those. In order for
RSBAC-based distribution to be helpful, it should be manageable. It should
be admin-friendly, and while admins are comfortable with ls/rm/cp/etc,
RSBAC roles/ACLs/etc are much more complex and overlap, so more intuitive
representation is needed.

Socket stuff I'll need to think more about after sockets are persistent.
At least for me, the scheme of using them will emerge from needs of
distribution (that also will hopefully make sure that we don't add
unneeded rights).

Couple of other things that I'd like to mention (low priority probably):

role-setting daemon (not 100% sure it's needed though, need to analyze
more)

secure truncate (i.e. a variation on what we have now, but really secure.
Should not replace current code, but rather add another feature).

Vadim.

-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Go to Compuniverse LWGate Home Page.