Albert Qu wrote: > Why don't we make a general security framework to support all kinds of > devices? Those spec define the similiar functions, such as > authentication, encryption, etc. The abstract layer will reduce much > time for developing similiar protocol.
We have some of this already, where do don't have it is because the standards bodies come up with different auth and encryption in their protocols. We already have (as of Solaris 10) a core cryptographic framework for userland and kernel. We already have (as of Solaris 2.6) a core host based authentication system for users - PAM. We already have (as of Solaris 2.6) a network based auth for users and network services - GSSAPI (and as of Solaris 10 SASL as well). We already have an in kernel SSL and for userland provide OpenSSL and Mozilla NSS libraries as well as JSSE. We have a device level (as the OS presents the) security model as well, that is being updated with the Tamarack project for even better control over removable media. The security issues with things like Wireless USB and Bluetooth are much more to do with the architecture of the protocols than they are about code reuse and central policy on the host OS. In other words sadly already baked and we just have to work around them to secure the OS from them. -- Darren J Moffat _______________________________________________ opensolaris-discuss mailing list [email protected]
