[rsbac] Resources and Enhanced Role Compatibility
Amon Ott
rsbac@rsbac.org
Tue Oct 29 09:15:01 2002
On Monday, 28. October 2002 23:01, Jörg Lübbert wrote:
> Amon Ott schrieb:
> > I would rather make the extra functionality optional in RC to avoid
doubled
> > maintenance:
> >
> > - Hierarchical roles: subroles have (one or more) parent roles' rights
> > additional to own rights
> >
> > - Hierarchical types: rights to subtypes are add by rights to (one or
more)
> > parent type(s).
>
> Sounds good to me :)
OK, I will put it on my To-Do List...
> > We might make a config contest for the most difficult RC setup, which
still
> > works... ;)
>
> And so does this. :)
>
> How about making the RC module sensitive to linked libraries of a
> binary? Each linked library could add another set of predefined rc roles
> to the final binaries role access right set while still making sure that
> a predefined maximum access right role for that binary is not exceeded,
> which of course relies on a predefined maximum access right role that is
> mapped to the users ID? ;=)
Sounds like we should base everything on set theory and move towards
probabilistic access control... ;)
Amon.
--
http://www.rsbac.org