[rsbac] Resources and Enhanced Role Compatibility

Amon Ott rsbac@rsbac.org
Tue Oct 29 09:15:01 2002

Previous message: [rsbac] Resources and Enhanced Role Compatibility
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Monday, 28. October 2002 23:01, Jörg Lübbert wrote:
> Amon Ott schrieb:
> > I would rather make the extra functionality optional in RC to avoid 
doubled
> > maintenance:
> >
> > - Hierarchical roles: subroles have (one or more) parent roles' rights
> > additional to own rights
> >
> > - Hierarchical types: rights to subtypes are add by rights to (one or 
more)
> > parent type(s).
> 
> Sounds good to me :)

OK, I will put it on my To-Do List...
 
> > We might make a config contest for the most difficult RC setup, which 
still
> > works... ;)
> 
> And so does this. :)
> 
> How about making the RC module sensitive to linked libraries of a
> binary? Each linked library could add another set of predefined rc roles
> to the final binaries role access right set while still making sure that
> a predefined maximum access right role for that binary is not exceeded,
> which of course relies on a predefined maximum access right role that is
> mapped to the users ID? ;=)

Sounds like we should base everything on set theory and move towards 
probabilistic access control... ;)

Amon.
--
http://www.rsbac.org

Previous message: [rsbac] Resources and Enhanced Role Compatibility
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]