I'm starting to ponder security models for Nimbus. Perhaps drizzle is happy with a basic model, but a discussion is probably well worth having.

The basic problem is that the standard SQL security is rather dated -- designed for interactive time sharing but deployed in a world dominated by application servers. Application servers:

   * Need to connect to database to identify and authenticate their client
   * Serve a wide range of clients ranging from the system
     manager/DBA/god (or even Sheeri).
   * Need to block unauthorized updates and filter content as
     appropriate to individual clients
   * Provide a mechanism to track access and security violations
     so Verizon can fire employee-snoopers

Netfrastructure (present but dormant in Falcon) has a flexible role model (sorry, I couldn't resist the pun) in which privileges are assigned to roles, arbitrary sets of roles (some active, some dormant) associated with accounts, applications can activate/deactivate roles within a session, and access control determined by roles active. Layered on top of this are "filtersets" -- a named collection of <table, boolean> pairs:

   create filterset <name> ( <table> : <boolean> [, ...])

When a table referenced by an active filter set is compiled, the associated boolean is added as a conjunct to the selection expression (this is applied recursively, so if one filterset boolean references another table, that table's boolean gets tossed into the brew as well).

Filterset booleans often contain the relational expression:

   <role name> IS ACTIVE

have access to session variables, and can reference the table in question.

So here are some questions that I am considering:

   * Is there a better way for a client to authenticate itself than
     account/password?
   * Are there other (or better) security models than the flexible role
     model?
   * How should access and security logging interact with the rest of
     the system?
   * What other declarative mechanisms in the database reduce the
     complexity and cost of applications?
   * Is adaptive security a concept that would be useful in the
     database context?
   * What else have we missed?

Any ideas or thoughts? Even if they don't fit in drizzle, there's always Downpour.

--
Jim Starkey
President, NimbusDB, Inc.
978 526-1376
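
The filterset expansion described in the message above, as an added example that is not part of the original post or of Netfrastructure's code: it models which booleans get attached to which tables when filtersets are active, including the recursive step. The filterset contents, the table and role names, the word-match table detection, and resolving IS ACTIVE to TRUE/FALSE per session are all assumptions.

```python
import re

# Constructed filtersets: name -> {table: boolean}. All names are hypothetical.
FILTERSETS = {
    "clinic": {
        "patients": "patients.clinic_id IN (SELECT id FROM clinics)",
        "clinics": "clinics.region = session.region OR auditor IS ACTIVE",
    },
    "privacy": {"patients": "patients.vip = 0 OR physician IS ACTIVE"},
}
ROLE_TEST = re.compile(r"\b(\w+)\s+IS\s+ACTIVE\b", re.IGNORECASE)


def resolve_roles(boolean, active_roles):
    """Assumption: '<role name> IS ACTIVE' is decided per session at compile time."""
    return ROLE_TEST.sub(
        lambda m: "TRUE" if m.group(1) in active_roles else "FALSE", boolean)


def referenced_tables(boolean, known_tables):
    """Naive word match standing in for a real SQL parser."""
    return sorted(set(re.findall(r"\w+", boolean)) & known_tables)


def applied_filters(table, active_sets, active_roles, seen=None):
    """Return (table, boolean) pairs the compiler would AND in, recursively."""
    seen = set() if seen is None else seen
    if table in seen:  # already expanded: stops self-references and cycles
        return []
    seen.add(table)
    known = {t for fs in FILTERSETS.values() for t in fs}
    pairs = []
    for name in sorted(active_sets):
        boolean = FILTERSETS[name].get(table)
        if boolean is None:
            continue
        pairs.append((table, resolve_roles(boolean, active_roles)))
        for other in referenced_tables(boolean, known):
            pairs.extend(applied_filters(other, active_sets, active_roles, seen))
    return pairs


if __name__ == "__main__":
    for t, b in applied_filters("patients", {"clinic", "privacy"}, {"physician"}):
        print(f"{t}: AND ({b})")
```

A dormant role resolves to FALSE, so a row filter guarded only by a role test fails closed when the application has not activated that role.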

