RE: [hrac resources]
With regard to Juggy and John's comments on the proposed resource structure:
I don't wish to speak for the proposers (Bob and Carol) of the resource
structure but it was my impression that the proposal was directed at the
structure of resources, not the structure of resource metadata. In other words,
each element of a path is a resource with which security metadata
(e.g., name/value pairs as John describes) about that element may be associated.
The resource structure may be independent of any metadata structure. The
resource structure may not have any relationship to metadata structure.
Access to the rightmost element of the path is a function of rules that
are applied to each element of the path. These rules may use security
metadata associated with any element of the path as well as other things
including metadata structure and the content of any element of the path.
The example given in the original proposal is Unix files, where each
element of the path is a resource (directory or file) which has associated
metadata (userid, groupid, permission bits) where access to the rightmost
element of the path is determined by the metadata associated with each
path element according to the usual well known rules. The fact that
users and groups have a structural relationship (users are members of
groups) is independent of file directory structure and only affects
access rules of path traversal.
Juggy's examples are fine illustrations of policy but show a resource
organization which is a function of metadata organization.
It is not my impression that resource organization according to metadata was
intended in the proposal. Organizing resources usually has to do more with
efficient access than security metadata structure considerations or
an ability to express authorization policies.
jb
----------------
Broadcast message to hrac-rfp from barkley@sdct-sunsrv1.ncsl.nist.gov (John Barkley).
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.
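The path-walk model jb describes above (each path element is a resource with its own metadata; access to the rightmost element is decided by applying a rule at every element; user/group membership is a separate structure that only feeds the traversal rules) can be made concrete with the Unix case the proposal used. The following is an added illustration written for this archive page, not code from the hrac-rfp proposal or from any list member. The directory tree, the user names, the group memberships and the mode bits are all constructed sample data; the helper names (Resource, effective_bits, check_access) are this example's own.

```python
"""Unix-style path-walk authorization as a worked example (constructed, not from the thread).

Resource structure: a tree of directories and files, each carrying its own metadata
(owner, group, 9 permission bits). Metadata structure: a user -> groups map that is kept
entirely apart from the tree. The traversal rule consults both at every path element.
"""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

R, W, X = 4, 2, 1  # the three permission bits, as in a Unix mode triple


@dataclass
class Resource:
    name: str
    owner: str
    group: str
    mode: int                      # 9 permission bits, e.g. 0o750
    is_dir: bool
    children: Dict[str, "Resource"] = field(default_factory=dict)


def d(name: str, owner: str, group: str, mode: int, *children: Resource) -> Resource:
    """Build a directory resource with the given children (sample-data helper)."""
    return Resource(name, owner, group, mode, True, {c.name: c for c in children})


def f(name: str, owner: str, group: str, mode: int) -> Resource:
    """Build a file resource (sample-data helper)."""
    return Resource(name, owner, group, mode, False)


# Constructed sample tree: each element is a resource with its own metadata.
SAMPLE_TREE = d("/", "root", "root", 0o755,
    d("home", "root", "root", 0o755,
        d("alice", "alice", "staff", 0o750,
            f("notes.txt", "alice", "staff", 0o640),
            d("shared", "alice", "staff", 0o775,
                f("plan.md", "bob", "staff", 0o664))),
        d("secret", "root", "wheel", 0o700,
            f("key", "root", "wheel", 0o600))))

# Constructed group membership: a structure independent of the directory tree.
# Users absent from the map (e.g. "carol") belong to no group at all.
GROUPS: Dict[str, Set[str]] = {"alice": {"staff"}, "bob": {"staff"}, "dave": {"wheel"}}


def describe(bits: int) -> str:
    """Render a permission triple as rwx/--- notation."""
    return "".join(c if bits & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))


def effective_bits(res: Resource, user: str, groups: Dict[str, Set[str]]) -> int:
    """Select the owner, group or other triple of one element for this user.

    The usual Unix rule: owner match wins, then group membership, else 'other'.
    (A superuser override is deliberately left out to keep the rule visible.)
    """
    if user == res.owner:
        return (res.mode >> 6) & 7
    if res.group in groups.get(user, set()):
        return (res.mode >> 3) & 7
    return res.mode & 7


def check_access(root: Resource, path: str, user: str,
                 groups: Dict[str, Set[str]], want: int) -> Tuple[bool, str]:
    """Decide access to the rightmost element by applying a rule at every element.

    Intermediate elements must be directories on which the user holds search (x);
    the final element must grant all the bits in `want`. Returns (allowed, detail),
    where detail names the element at which the decision was made.
    """
    node, walked = root, ""
    for name in (p for p in path.split("/") if p):
        here = walked or "/"
        # Rule for an intermediate element: a directory the caller may search.
        if not node.is_dir:
            return False, f"{here} is not a directory"
        if not effective_bits(node, user, groups) & X:
            return False, f"no search permission on {here}"
        child = node.children.get(name)
        if child is None:
            return False, f"{walked}/{name} does not exist"
        node, walked = child, f"{walked}/{name}"
    # Rule for the rightmost element: every requested bit must be granted.
    if (effective_bits(node, user, groups) & want) != want:
        return False, f"{describe(want)} denied on {walked or '/'}"
    return True, walked or "/"


if __name__ == "__main__":
    for user, path, want in [("alice", "/home/alice/notes.txt", R),
                             ("bob", "/home/alice/notes.txt", W),
                             ("carol", "/home/alice/notes.txt", R),
                             ("dave", "/home/secret/key", R),
                             ("bob", "/home/alice/shared/plan.md", W)]:
        print(user, describe(want), path, "->", check_access(SAMPLE_TREE, path, user, GROUPS, want))
```

Two things the example makes visible that the prose only states: the denial for carol and dave is decided at an intermediate directory, before the leaf's own metadata is ever consulted, and changing GROUPS (say, adding "carol" to "staff") changes the outcome without touching the tree, which is exactly the sense in which the metadata structure is independent of the resource structure.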