From: "Paul D. Robertson" <proberts@clark.net>
Subject: Re: Plans with RSBAC
Date: Sun, 17 Oct 1999 20:51:36 -0400 (EDT)
Next Article (by Date): Re: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Re: Overlapping rights ? ao@morpork.shnet.org (A. Ott)
Top of Thread: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date]
[Author]
[Subject]
On 7 Oct 1999, A. Ott wrote: > Hi all! > > I'd like to discuss my current RSBAC wishlist with interested people like > you. Please give comments and new wishes, if you need something else - > this is another planning phase to keep me busy for a while... ;) I've been thinking about a few things, but I'm not sure how much is "haven't played around enough..." and how much is "Hmmm, this is kind of a neat idea, but not ultimately useful." First with MAC (and I'm currently building another test system, so point me to TFM if appropriate) is there a way to set a system default value so that any user that isn't assigned to a MAC category can't run anything (or indeed log on), until they're added to the "lowest MAC necessary to log on?" This would be so that I could set SYSTEM_MAC to say "secret", and then add a user, set the login process and maybe /bin/sh to "unclassified", and add the user to "unclassified" and they'd only be able to run what was specificly downgraded to that MAC? A user added to "secret" would be able to run anything that wasn't specificly upgraded to "top secret", etc. Is this already a feature, or am I hoping (I tend to think in MAC compartment units, but roles would be useful this way too) Secondly- I'm still working with some ideas on what I like to think of as "two man missile key" control, where it takes two people to launch a given capability or role. Ideally, that would include some mechanism to "half-grant" a role, MAC or privilige to a user, with the other (preferably configurable in number, but two works for me initially) grantor assigning the other half of the role. This would essentially mean a mechanism where security officer would be split into multiple pieces, so that the role of granting roles wouldn't be tied to a specific person. For instance, if you had a security officer s2-1 and a second security officer s2-2, s2-2 could half-grant access to the system, or to a MAC to user "newbie." Then S2-1 would have to half-grant the same access to newbie for newbie to be able to {assume a role, access information at a MAC...} Ideally, it would, after initial configuration take both administrator keys to add a new administrator to the mix. Possible "2 of 3" would be a better rule, so that there could be an ID in the safe with credentials should S2-1 leave... (Hmmm, I'm not sure that makes sense to anyone but me, questions welcomed) Thanks, Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts@clark.net which may have no basis whatsoever in fact." PSB#9280 - To unsubscribe from the rsbac list, send a mail to majordomo@morpork.shnet.org with unsubscribe rsbac as single line in the body.
Next Article (by Date): Re: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Re: Overlapping rights ? ao@morpork.shnet.org (A. Ott)
Top of Thread: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date]
[Author]
[Subject]