> > Task can hold tokens named 'Calendar' and 'Phonebook' for > accessing these interfaces. Or, we can drop this even > lower by saying Calendar::function and everything else is > not granted for. > > This is where dbus comes in ... right? And now I am loosing what LSM and rbac does here :)
> > > Do you maintain the rights on the client platform? > > Policy enforcement is done by the server being accessed. > Credential assignment happens per-task basis and during > exec. > Got it. You mean session of active resource is given the credential accordingly. How can you handle client side and server side service mashups with this theme? -- Shaz
_______________________________________________ MeeGo-dev mailing list [email protected] http://lists.meego.com/listinfo/meego-dev
