Re: Revised list of restrictions and privelege attributes
rsalz@osf.org Fri, 12 November 1993 20:37 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa12005; 12 Nov 93 15:37 EST
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa12001; 12 Nov 93 15:37 EST
Received: from venera.isi.edu by CNRI.Reston.VA.US id aa21066; 12 Nov 93 15:37 EST
Received: from postman.osf.org by venera.isi.edu (5.65c/5.61+local-14) id <AA14853>; Fri, 12 Nov 1993 12:03:44 -0800
Received: from sulphur.osf.org by postman.osf.org (5.64+/OSF 1.0) id AA14822; Fri, 12 Nov 93 15:03:43 -0500
Received: by sulphur.osf.org (1.37.109.4/4.7) id AA02768; Fri, 12 Nov 93 15:03:51 -0500
Date: Fri, 12 Nov 1993 15:03:51 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: rsalz@osf.org
Message-Id: <9311122003.AA02768@sulphur.osf.org>
To: bcn@isi.edu, ietf-aac@isi.edu
Subject: Re: Revised list of restrictions and privelege attributes
I am having a bit of trouble understand this whole first paragraph. Either some ASCII art, or a concrete example showing a user doing something like FTP speaking to an ftp server on another machine? > A proxy inherently grants certain rights The server that controls the data (i.e., the reference monitor) is the entity that actually grants the rights -- it interprets the chain and decide whether or not to satisfy the request. > A flags >field associated with each kind of attribute encodes the appropriate >behavior if the interpretation of the attributed is not known. Reading the next section (Attributes and Restrictions), however, makes me think that I'm reading this wrong and that you do really intend to attach rights to identities, and not attach rights to objects inside the server. Is that right? If so, that's wrong. :-) Can someone explain why the Posix ACL model is not sufficient? >Conceptually, the DCE privilege attribute certificate specifies both >group information and the local UID. The name of the privilege server >is derived from the name of the principal signing the proxy. A DCE pac does not include a local UID. This information is available through the DCE security service, but it is *never* used in making DCE authorization decisions. It is also important to note that a DCE PAC never includes any rights. It contains only a set of DCE UUID's which identify the user and their group membership(s). There are various levels of certification which can be used on this data. The strictest is that a Kerberos-like session key is used to encrypt the PAC so that only the server can decrypt it; as an intermediate level it can be crypto checksum'd just to make it tamperproof. >encourage the use of GROUP_MEMBERSHIP and LOCAL_UID instead. Using LOCAL_UID is probably not a good idea; what does that mean on an MSDOS machine talking to an MVS and Unix server? /r$