On Thu, Jun 10, 2010 at 9:39 PM, Shaz <[email protected]> wrote: >> Do you have in mind a particular use case and risks you wish to protect >> against? I can take that example to explain how it can be done by our >> framework. > > Please re-read the use-case again ... you have overly simplified it. > Openness between manufacturer and operator is something else while openness > with third party service providers is something else and then the policy > management between multiple authoritative domains. The third service > provider might not come through the operator's authoritative domain? Here > the rights cannot be managed at operator's cloud alone!
As I said, we're not generic security kitchen sink and have somewhat limited problem to solve. For now, each installation source has known set of credentials they can grant. > Where does rbac play its role? Credentials ...? We're not exactly rbac. I take the public arch docs have been corrected in this sense already? > How is verification of resources performed by Aegis or whatever? > > How is domain isolation done? > > Where does LSM come into use and how is dbus utilized? i see no use of LSM > in this scheme. All what jane said can be done without LSM. All in due time. Be patient. -- // Janne _______________________________________________ MeeGo-dev mailing list [email protected] http://lists.meego.com/listinfo/meego-dev
