On Thu, Jun 10, 2010 at 4:33 PM, Shaz <[email protected]> wrote: >> >> Effective bits in access control are quite simple and similar to >> >> SMACK. Check the linux-security-module discussion for starters. >> >> The 'real' difference between smack and this is that we support >> >> multiple task labels and the fact that we don't allow the task to >> >> change it's own security context. >> > >> > Multiple task labels for multiple role assignment I guess ...? >> >> In our case label does not really identify a task, it identifies >> a function task is allowed to perform on remote server. Each >> task can have any number of detailed rights assigned. > > A use-case/example will help because it is not making sense to me.
Task can hold tokens named 'Calendar' and 'Phonebook' for accessing these interfaces. Or, we can drop this even lower by saying Calendar::function and everything else is not granted for. > Do you maintain the rights on the client platform? Policy enforcement is done by the server being accessed. Credential assignment happens per-task basis and during exec. -- // Janne _______________________________________________ MeeGo-dev mailing list [email protected] http://lists.meego.com/listinfo/meego-dev
