Hi Vivek, Well you could cryptographically sign the data and check the signature in case you want to verify that the data was not modified.. and you should require all the nodes to sign the data that they modify and make sure that no node accepts data that is not signed.. Just an idea.. I have not done anything like this. Regards, Sunil.
On Tue, Nov 2, 2010 at 9:26 PM, Ken Wesson <kwess...@gmail.com> wrote: > On Tue, Nov 2, 2010 at 11:03 AM, Vivek Khurana <hiddenharm...@gmail.com>wrote: > >> Hi! >> >> I am currently developing an application where I need to enforce >> certain policy on clojure code. My requirement is that code+data can >> be sent to a remote node and based on certain access control and >> config, one should be able to control whether the remote node is >> allowed to execute code or has read only access to the data. The >> permission to execute the code can be fine grained such as the remote >> node can only edit specific section(s) of the record while it ca read >> all the section. >> A common example of this can be health data. One can send patient >> record to a remote node and remote node is allowed to add new rows to >> specific sections or edit certain sections. >> Any one who has worked on a similar problem ? I am stuck for not been >> able to find a way to enforce the policy on the code+record sent to >> remote node using clojure. >> > > That seems impossible assuming you don't trust the software running on the > other node. > > What's possible instead is to give data to the remote node on a > need-to-know basis, keep a local copy, and have the remote node submit a > changed version of the data to the local node, which then uses the local > copy to undo any changes that are outside of what is permitted (or to detect > them and reject the entire transaction if any occurred, etc.). > > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to clojure@googlegroups.com > Note that posts from new members are moderated - please be patient with > your first post. > To unsubscribe from this group, send email to > clojure+unsubscr...@googlegroups.com<clojure%2bunsubscr...@googlegroups.com> > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en > -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
