On Tuesday 02 December 2014 at 10:25 +0100, Patrick Ohly wrote:
> On Mon, 2014-12-01 at 19:11 +0100, Karol Lewandowski wrote:

(snip)

> > However, what I would warn (and advise) against is delegating policy
> > checks to dbus-daemon where we can implement it directly in given service
> > without too much trouble (ie. all services we are *the* upstream of).
>
> I tend to agree. However, I'm not exactly seeing the developers of those
> services being particularly eager to do that work either. Has anyone
> indicated that they even looked at Cynara and tried to use it in a
> service? I only know of Kevron (Automotive Message Broker) and myself
> (and I depend on the D-Bus patches because I need to secure upstream
> D-Bus services).

Hi,

That can be an interesting debate: can the security be orthogonal and applied at integration level from a system perspective, or should it be integrated inside services, and if yes, what is the model that could be derived from one security framework to another?

Any of these directions have advantages.

When I worked on SAPI (the dead project to integrate security) I focused on orthogonality: the service is not changed but the integration layer takes care of the security using its own design. I'm still thinking that this approach has more advantages than requesting service to integrate the security, even if that last approach is easier to implement (at least outside of upstream in some cases).

However, making security orthogonal is not easy at all. Keeping it separate from implementations of services seems to be a hard target.

Thus I have no strong opinion on the subject.

Cheers
José Bollo
