Hi Steve,

On 12.11.2012 21:00, Steve Grubb wrote:

> I think it's a bad idea to have too much flexibility for access control systems.
> They have to be verifiable. If you have to comply with PCI-DSS or the DISA STIG
> or any other standard, you have to be able to demonstrate you are in the
> approved config. No one can write a test that can tell if the rules really are
> sound. So, what will happen is one set will be chosen for better or worse, it
> will be SHA256 hashed. And no one can change anything in it without being out
> of compliance.
>
> The benefit of the name=value setup is that we can pick out the things that
> matter and skip everything else which truly gives flexibility when needing to
> demonstrate compliance.


My question is: would it be acceptable for the required compliance analysis to be performed on rules written in a simplified rule language like Datalog, instead of imperative scripted evaluation, in some future version of polkit?

(It seems to me that e.g. Datalog is good enough for both flexibility and static analysis (symbolic evaluation); furthermore, IMO declarative rules are less error-prone for sysadmins than scripting.)

Kind Regards,
Alek

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
