[anonsec] BYPASS OR PROTECT
kent at bbn.com
Thu Apr 5 04:18:07 PDT 2007
At 10:47 AM -0500 4/4/07, Nicolas Williams wrote:
>On Wed, Apr 04, 2007 at 11:17:57AM -0400, Stephen Kent wrote:
>> Good points. I think this says we may need another SPD extension,
>> one that marks rules as ones that are inviolable, vs. ones that may
>> be overridden by a user/app as you described above.
>Another way to look at it is to have system policy determine insertion
>points into the SPD for app-requested rules -- since the SPD is ordered
>then the insertion points determine what rules the apps can "punch
>holes" into. There could be multiple such insertion points,
>corresponding to multiple local privilege levels.
one could do that, although I worry that this sounds fairly complex,
especially because it sounds like changes in SPD affect where
different rules apply.
>So the SPD extension, then, would be a rule type that declares an
>insertion point for specific applications or local privileges.
how would one define the insertion point in a way that doesn't get too complex?
>Since there's more than one way to represent this we need English-
>language text and a canonical representation that implementors can
>ignore, provided that they provide equivalent functionality.
>Personally I prefer the insertion point approach since it does not
>require modifying existing rules. Your notion of "inviolable" rules
>maps into placing such rules ahead of any insertion points.
I see what you mean, and I appreciate the generality, but I do worry
about creating a sophisticated access control capability that will
induce management errors.
More information about the ANONSEC