[anonsec] BYPASS OR PROTECT

[Stephen Kent]

At 10:47 AM -0500 4/4/07, Nicolas Williams wrote:
>On Wed, Apr 04, 2007 at 11:17:57AM -0400, Stephen Kent wrote:
>>  Good points.  I think this says we may need another SPD extension,
>>  one that marks rules as ones that are inviolable, vs. ones that may
>>  be overridden by a user/app as you described above.
>
>Another way to look at it is to have system policy determine insertion
>points into the SPD for app-requested rules -- since the SPD is ordered
>then the insertion points determine what rules the apps can "punch
>holes" into.  There could be multiple such insertion points,
>corresponding to multiple local privilege levels.

one could do that, although I worry that this sounds fairly complex, 
especially because it sounds like changes in SPD affect where 
different rules apply.

>So the SPD extension, then, would be a rule type that declares an
>insertion point for specific applications or local privileges.

how would one define the insertion point in a way that doesn't get too complex?

>Since there's more than one way to represent this we need English-
>language text and a canonical representation that implementors can
>ignore, provided that they provide equivalent functionality.

agreed.

>Personally I prefer the insertion point approach since it does not
>require modifying existing rules.  Your notion of "inviolable" rules
>maps into placing such rules ahead of any insertion points.

I see what you mean, and I appreciate the generality, but I do worry 
about creating a sophisticated access control capability that will 
induce management errors.

Steve