Re: Clever delegation ??
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Brian" == Brian M Thomas <email@example.com> writes:
>> Compartmented Mode Workstations (CMW) DAC and MAC access
>> controls. If one wants a union rather than an intersection,
>> isn't this where PolicyMaker should come into play? If you want
>> to authorize RW access to a file, issue two certificates to
>> PolicyMaker and get the union certificate as a result.
You get a union operation by presenting two certificates to
the file server. Brian is NOT muddying the water at all, but making it
Brian> accomplishing it. This follows from the basic intent that
Brian> no principal can grant permissions which it does not
Brian> possess. Doing unions would only be meaningful where the
Brian> same issuer grants multiple permissions to the same
Brian> subject, and in this case, again there seems to be no
Brian> question about how it must be done.
Brian> Somebody tell me what I've missed...
] IETF #38. In Memphis, TN. Elvis is in the terminal room! | one quark [
] Michael Richardson, Sandelman Software Works, Ottawa, ON | two quark [
] firstname.lastname@example.org http://www.sandelman.ottawa.on.ca/ | red q blue q[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
-----END PGP SIGNATURE-----
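
Added example, not part of the original message or of any SPKI or PolicyMaker code: a minimal Python model of the point discussed above, where each delegation chain can only narrow permissions (intersection) and the file server takes the union of whatever the separately presented chains prove. The `Cert` fields, key names and function names are hypothetical, and signature verification is assumed to have been done before these functions run.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    issuer: str            # key that signed the certificate (signature check assumed done)
    subject: str           # key receiving the permissions
    perms: frozenset       # permissions the issuer claims to grant
    may_delegate: bool = False

def reduce_chain(chain, root, requester):
    """Permissions one chain conveys from the resource owner to the requester.

    Every link is intersected with what came before, so no principal
    can pass on a permission it does not itself possess.
    """
    if not chain or chain[0].issuer != root or chain[-1].subject != requester:
        return frozenset()
    granted = chain[0].perms
    for prev, cert in zip(chain, chain[1:]):
        # Links must connect, and the previous holder must be allowed to delegate.
        if cert.issuer != prev.subject or not prev.may_delegate:
            return frozenset()
        granted &= cert.perms
    return granted

def authorize(chains, root, requester):
    """File-server side: union of what each presented chain proves."""
    result = frozenset()
    for chain in chains:
        result |= reduce_chain(chain, root, requester)
    return result

# Constructed sample data (hypothetical key names).
OWNER = "owner-key"
# alice holds only "read" but tries to pass "read" and "write" on to bob.
read_chain = [Cert(OWNER, "alice", frozenset({"read"}), may_delegate=True),
              Cert("alice", "bob", frozenset({"read", "write"}))]
# The owner grants "write" to bob directly in a second certificate.
write_chain = [Cert(OWNER, "bob", frozenset({"write"}))]
# A chain that does not start at the owner proves nothing.
unrooted_chain = [Cert("other-key", "bob", frozenset({"read", "write"}))]
# alice was not given the delegate bit here, so her grant is void.
no_delegate_chain = [Cert(OWNER, "alice", frozenset({"read"})),
                     Cert("alice", "bob", frozenset({"read"}))]

if __name__ == "__main__":
    print(sorted(reduce_chain(read_chain, OWNER, "bob")))
    print(sorted(authorize([read_chain, write_chain], OWNER, "bob")))
```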