[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Ideas from the I&A Forum (DCE file permissions)
At 11:52 AM 7/10/96 -0400, Rich Salz wrote:
>> I still don't know what the DCE "T: test" permission is
>> good for, so I can't suggest we add it. Rich?
>
>The "T (test)" permission is useful when --
> - You only want to grant someone "read ACL" rights, and not "read object"
> rights. As in "ls -l" vs. "cat"
Is this different from giving read permission on the directory file but not on the files in that directory?
> - You want to allow a comparison without disclosing the full state,
> such as "Can Rich read this file" or "Is Rich in the 'foo' group?"
> As in "grep ... >/dev/null ; echo $status" vs. "cat"
In the hypothetical file system protected by SPKI certs, I believe this concern translates to the ability to read certs themselves. Am I understanding you?
That's something we just didn't address.
>Hope this helps. Nice seeing you again Carl.
Yup -- it helps. Nice seeing you again, too..
- Carl
From ???@??? Fri Jul 12 13:18:05 1996
To: Rich Salz <rsalz@osf.org>
From: Carl Ellison <cme@cybercash.com>
Subject: Re: Ideas from the I&A Forum (DCE file permissions)
Cc: spki@c2.org
Bcc:
X-Attachments:
At 11:52 AM 7/10/96 -0400, Rich Salz wrote:
>> I still don't know what the DCE "T: test" permission is
>> good for, so I can't suggest we add it. Rich?
>
>The "T (test)" permission is useful when --
> - You only want to grant someone "read ACL" rights, and not "read object"
> rights. As in "ls -l" vs. "cat"
Is this different from giving read permission on the directory file but not on the files in that directory?
> - You want to allow a comparison without disclosing the full state,
> such as "Can Rich read this file" or "Is Rich in the 'foo' group?"
> As in "grep ... >/dev/null ; echo $status" vs. "cat"
In the hypothetical file system protected by SPKI certs, I believe this concern translates to the ability to read certs themselves. Am I understanding you?
That's something we just didn't address.
>Hope this helps. Nice seeing you again Carl.
Yup -- it helps. Nice seeing you again, too..
- Carl
From ???@??? Fri Jul 12 13:49:43 1996
Return-Path: <owner-spki@c2.org>
Received: from callandor.cybercash.com (callandor1.cybercash.com) by cybercash.com (4.1/SMI-4.1)
id AA13099; Fri, 12 Jul 96 13:44:53 EDT
Received: by callandor.cybercash.com; id NAA20514; Fri, 12 Jul 1996 13:45:51 -0400
Received: from infinity.c2.org(140.174.185.11) by callandor.cybercash.com via smap (V3.1)
id xma020502; Fri, 12 Jul 96 13:45:22 -0400
Received: by infinity.c2.org (8.7.4/8.6.9)
id KAA00153 for spki-outgoing; Fri, 12 Jul 1996 10:16:26 -0700 (PDT)
Community ConneXion: Privacy & Community: <URL:http://www.c2.net>
Message-Id: <2.2.32.19960712171810.0030f788@cybercash.com>
X-Sender: cme@cybercash.com
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 12 Jul 1996 13:18:10 -0400
To: Rich Salz <rsalz@osf.org>
From: Carl Ellison <cme@cybercash.com>
Subject: Re: Ideas from the I&A Forum (DCE file permissions)
Cc: spki@c2.org
Sender: owner-spki@c2.org
Precedence: bulk
X-UIDL: 758eb963ba06f2ec6987e769689c807e
At 11:52 AM 7/10/96 -0400, Rich Salz wrote:
>> I still don't know what the DCE "T: test" permission is
>> good for, so I can't suggest we add it. Rich?
>
>The "T (test)" permission is useful when --
> - You only want to grant someone "read ACL" rights, and not "read object"
> rights. As in "ls -l" vs. "cat"
Is this different from giving read permission on the directory file but not
on the files in that directory?
> - You want to allow a comparison without disclosing the full state,
> such as "Can Rich read this file" or "Is Rich in the 'foo' group?"
> As in "grep ... >/dev/null ; echo $status" vs. "cat"
In the hypothetical file system protected by SPKI certs, I believe this
concern translates to the ability to read certs themselves. Am I
understanding you?
That's something we just didn't address.
>Hope this helps. Nice seeing you again Carl.
Yup -- it helps. Nice seeing you again, too..
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+--------------------------------------------------------------------------+