Re: Clever delegation ??

> Bill Frantz wrote:
> If you model the UNIX file system in a cert, (and borrowing heavily from
> the above example), you might be tempted to generate certs that named a
> particular file and then gave access rights to it (R, W, A, R A, R W, R W
> X, etc.)  In this case, each of the parameters adds to the set of
> authorized actions.  As Franco Papacella <franco@goldnet.ch> points out, if
> the combiner does an intersection, we get the correct results.
> Bill, 
> I have thought about using SPKI certs as a replacement for Compartmented Mode 
> Workstations (CMW) DAC and MAC access controls. If one wants a union rather than 
> an intersection, isn't this where PolicyMaker should come into play? If you want 
> to authorize RW access to a file, issue two certificates to PolicyMaker and get 
> the union certificate as a result.
> You could augment this approach with other certificates. For example, the 
> subject might need to present a certificate of computer update training to gain 
> access to a file.
> Jim Rome

I apologize in advance if I'm just muddying the water here, but it still
looks to me as though the thing we're trying to model in chain reduction
is necessarily intersection.  Therefore, intersection is the only proper
means of accomplishing it.  This follows from the basic intent that no
principal can grant permissions which it does not possess.  Doing unions
would only be meaningful where the same issuer grants multiple permissions
to the same subject, and in this case, again there seems to be no question
about how it must be done.

Somebody tell me what I've missed...


Brian Thomas, CISSP - Distributed Systems Architect  bt0008@entropy.sbc.com
Southwestern Bell                                    bthomas@primary.net
One Bell Center,  Room 34G3                          Tel: 314 235 3141
St. Louis, MO 63101                                  Fax: 314 235 0162
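
Added example, not part of the original message or of any SPKI implementation: a simplified model of the argument above, in which rights on a file are flat sets of letters, certs from the same issuer to the same subject are unioned, and a delegation chain is reduced by intersection. The principal names, the file path and the tuple layout are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample certs: (issuer, subject, file, rights). All names are hypothetical.
CERTS = [
    ("owner", "alice", "/etc/motd", {"R", "W"}),
    ("alice", "bob",   "/etc/motd", {"R", "W", "X"}),  # alice names X, which she does not hold
    ("owner", "carol", "/etc/motd", {"R"}),
    ("owner", "carol", "/etc/motd", {"W"}),            # same issuer and subject as the line above
    ("carol", "bob",   "/etc/motd", {"W", "A"}),
]


def merge_same_issuer(certs):
    """Union rights only across certs sharing issuer, subject and file."""
    merged = defaultdict(set)
    for issuer, subject, path, rights in certs:
        merged[(issuer, subject, path)] |= set(rights)
    return merged


def reduce_chain(certs, root, root_rights, chain, path):
    """Return the rights the last principal in `chain` holds on `path`.

    The chain is root -> chain[0] -> chain[1] -> ...; each link is
    intersected with what the issuer holds, so no principal passes on a
    right it does not possess. A missing link yields the empty set.
    """
    merged = merge_same_issuer(certs)
    held = set(root_rights)
    issuer = root
    for subject in chain:
        held &= merged.get((issuer, subject, path), set())
        issuer = subject
    return held


if __name__ == "__main__":
    everything = {"R", "W", "X", "A"}
    for chain in (["alice", "bob"], ["carol", "bob"], ["bob", "alice"]):
        rights = reduce_chain(CERTS, "owner", everything, chain, "/etc/motd")
        print(" -> ".join(["owner"] + chain), sorted(rights))
```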