I'm starting to ponder security models for Nimbus. Perhaps drizzle is
happy with a basic model, but a discussion is probably well worth having.
The basic problem is that the standard SQL security is rather dated --
designed for interactive time sharing but deployed in a world dominated
by application servers. Application servers:
* Need to connect to database to identify and authenticate their client
* Serve a wide range of clients ranging from the system
manager/DBA/god (or even Sheeri).
* Need to block unauthorized updates and filter content as
appropriate to individual clients
* Provide a mechanism to track access and security violations
Verizon can fire employee-snoopers
Netfrastructure (present but dormant in Falcon) has a flexible role
model (sorry, I couldn't resist the pun) in which privileges are
assigned to roles, arbitrary sets of roles (some active, some dormant)
associated with accounts, application can activate/deactivate roles
within a session, and access control determined by roles active.
Layered on top of this are "filtersets" -- a named collection of <table,
boolean> pairs:
create filterset <name> ( <table> : <boolean> [, ...])
When a table referenced by an active filter set is compiled, the
associated boolean is added as a conjunct to the selection expression
(this is applied recursively, so if one filterset boolean references
another table, that table's boolean gets tossed into the brew as well).
Filterset booleans often contain the relational expression:
<role name> IS ACTIVE
have access to session variables, and can reference the table in question.
So here are some questions that I am considering:
* Is there a better way for a client to authenticate itself than
account/password?
* Are there other (or better) security models than the flexible role
model?
* How should access and security logging interact with the rest of
the system?
* What other declarative mechanisms in the database reduce the
complexity and cost of applications?
* Is adaptive security a concept that would be useful in the
database context?
* What else have we missed?
Any ideas or thoughts? Even if they don't fit in drizzle, there's always
Downpour.
--
Jim Starkey
President, NimbusDB, Inc.
978 526-1376
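
The filterset rewrite described in the message, modelled as an added example (this is not Netfrastructure or Falcon code, and not the author's): each active filterset contributes its boolean as a conjunct on the table being compiled, "<role> IS ACTIVE" is resolved against the session's active roles, and tables referenced by a boolean are filtered recursively. The filterset names, tables, the `:session_region` variable and the hand-declared `refs` field (standing in for parsing the predicate) are all assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Filter:
    boolean: str      # predicate text; may contain "<role> IS ACTIVE"
    refs: tuple = ()  # other tables the predicate reads (declared by hand here)

# Constructed sample data: filterset name -> {table: Filter}
FILTERSETS = {
    "tenant_isolation": {
        "orders": Filter("auditor IS ACTIVE OR orders.customer_id IN "
                         "(SELECT id FROM customers)", refs=("customers",)),
        "customers": Filter("customers.region = :session_region"),
    },
    "hide_closed": {"orders": Filter("orders.status <> 'closed'")},
}

def resolve_roles(boolean, active_roles):
    """Replace each '<role> IS ACTIVE' with TRUE/FALSE for this session."""
    return re.sub(r"\b(\w+) IS ACTIVE\b",
                  lambda m: "TRUE" if m.group(1) in active_roles else "FALSE",
                  boolean)

def conjuncts_for(table, active_sets, active_roles, seen=None):
    """Map every table touched to the predicates ANDed onto its selection."""
    seen = {} if seen is None else seen
    if table in seen:          # cycle guard: each table is filtered once
        return seen
    seen[table] = []
    for name in active_sets:
        flt = FILTERSETS.get(name, {}).get(table)
        if flt is None:        # this filterset says nothing about the table
            continue
        seen[table].append(resolve_roles(flt.boolean, active_roles))
        for ref in flt.refs:   # the recursive step: filter referenced tables too
            conjuncts_for(ref, active_sets, active_roles, seen)
    return seen

def compile_select(table, where, active_sets, active_roles):
    """Build the top-level SELECT with the table's filter conjuncts appended."""
    preds = [where] + conjuncts_for(table, active_sets, active_roles)[table]
    return f"SELECT * FROM {table} WHERE " + " AND ".join(f"({p})" for p in preds)
```

The application's own WHERE clause is never trusted to carry the restriction; a table only goes unfiltered when no active filterset names it.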