[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Clever delegation ??
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Brian" == Brian M Thomas <bt0008@entropy.sbc.com> writes:
>> Compartmented Mode Workstations (CMW) DAC and MAC access
>> controls. If one wants a union rather than an intersection,
>> isn't this where PolicyMaker should come into play? If you want
>> to authorize RW access to a file, issue two certificates to
>> PolicyMaker and get the union certificate as a result.
You get a union operation by presenting two certificates to
the file server. Brian is NOT muddying the water at all, but making it
clearer.
Brian> accomplishing it. This follows from the basic intent that
Brian> no principal can grant permissions which it does not
Brian> possess. Doing unions would only be meaningful where the
Brian> same issuer grants multiple permissions to the same
Brian> subject, and in this case, again there seems to be no
Brian> question about how it must be done.
Brian> Somebody tell me what I've missed...
] IETF #38. In Memphis, TN. Elvis is in the terminal room! | one quark [
] Michael Richardson, Sandelman Software Works, Ottawa, ON | two quark [
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ | red q blue q[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQB1AwUBM0ksusmxxiPyUBAxAQGpwgL/WlEKx+NhTsYHokLun7F2LweVlE4ov+Jo
Zurags0dgan1esV+SP2TYHSfqW/0JY8bOzFwl2Mxw4efekpBfKLqZBF/G6YXFjfo
eej2ZRA+V//C+B2ziWFNPKaEQwpLIw2K
=abut
-----END PGP SIGNATURE-----
References: