[rsbac] Resources and Enhanced Role Compatibility

Amon Ott rsbac@rsbac.org
Mon Oct 28 09:39:01 2002

On Saturday, 26. October 2002 17:24, Jörg Lübbert wrote:
> Meanwhile, a subject having many roles would still be great and quiet
> easy to implement if the rights of every single role are added to the
> final set of a subjects rights (instead of a user having to switch
> between the single roles).

RC deliberately has single roles for subjects only. This avoids all the 
problems with mutual exclusive roles for separation of duty (including 
uncontrolled flow of information) and keeps the model simpler.

My paper for the NordSec conference next week discusses this in a comparison 
to RBAC and DTE models. It will be published on rsbac.org after the 
conference. I already got people saying that RC model is too complex, so I 
will be very slow in adding more options.

> My suggestion about resource control via RSBAC is still valid btw ;)
> It'd be great to control cpu time, memory and max open files via RSBACs
> RC and ACL module.

For me, resource control does not fit well into these models. However, it can 
be easily fitted into the CAP module, similar to the existing min and max 
values for capabilities.

RC and ACL can already be used to prevent changes to existing limits through 
the SCD rlimit target, but I agree that this is not sufficient.
> And I also had the idea that it would be nice to have Type groups
> instead of only the types (which gets a bit out of control if you have
> many types for different purposes and often add and delete types). It'd
> be really great and easy to maintain if you could have something like
> that in RSBAC...

Again, it would make the model even more complex. Are you thinking of a type 
hierarchy, where rights to master types are inherited to subtypes as well? 

This would be very powerful, but you would have to consider the whole 
hierarchy whenever you wanted to adjust rights to an object. Currently, you 
just consider the role and the effective type.