[Next]
[Up]
[Previous]
[Contents]
Next: 4.3.7 [IMAGE ]How do
Up: 4.3 Administrator
Previous: 4.3.5 [IMAGE ]What is
4.3.6 [IMAGE ]Where are access control lists stored?
[ed. For more detailed and alternative answers see SecSIG mail list discussion
thread titled ``Granularity of Invocation Access Controls'']
- Bob Blakley
- (June, 1999)23:
In Policy objects, which are associated with the DomainManager instance
corresponding to the domain whose policy they define.
- Polar Humenn
- (June, 1999) 24:
If one subscribes to the D[omain]A[ccess]P[olicy]/R[equired]R[ights]
access decision logic, they are stored in basically two places. A DomainAccessPolicy,
which maps security attributes to rights (although that mapping is not well
defined), and the RequiredRights object (which is locality constrained).
I guess their persistence is up for grabs behind the implementation as far as
the specifciation goes.