[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ideas from the I&A Forum (DCE file permissions)

To: Rich Salz <rsalz@osf.org>
Subject: Re: Ideas from the I&A Forum (DCE file permissions)
From: Carl Ellison <cme@cybercash.com>
Date: Fri, 12 Jul 1996 13:18:10 -0400
Cc: spki@c2.org
Sender: owner-spki@c2.org

At 11:52 AM 7/10/96 -0400, Rich Salz wrote:
>> I still don't know what the DCE "T: test" permission is
>> good for, so I can't suggest we add it.  Rich?
>
>The "T (test)" permission is useful when --
>    -	You only want to grant someone "read ACL" rights, and not "read object"
>	rights.  As in "ls -l" vs. "cat"

Is this different from giving read permission on the directory file but not
on the files in that directory?

>    -	You want to allow a comparison without disclosing the full state,
>	such as "Can Rich read this file" or "Is Rich in the 'foo' group?"
>	As in "grep ... >/dev/null ; echo $status" vs. "cat"

In the hypothetical file system protected by SPKI certs, I believe this
concern translates to the ability to read certs themselves.  Am I
understanding you?

That's something we just didn't address.

>Hope this helps.  Nice seeing you again Carl.

Yup -- it helps.  Nice seeing you again, too..

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |
+--------------------------------------------------------------------------+

Prev by Date: Re: Ideas from the I&A Forum
Next by Date: Re: Ideas from the I&A Forum
Prev by thread: Re: Ideas from the I&A Forum
Next by thread: Re: Ideas from the I&A Forum (DCE file permissions)
Index(es):
- Main
- Thread