On Wed, 2005-04-13 at 17:51 -0400, Aaron Sherman wrote: > On Wed, 2005-04-13 at 17:01, Dan Sugalski wrote: > > So here's what I was thinking of for Parrot's security and quota > > model. (Note that none of this is actually *implemented* yet...) > [...] > > It's actually pretty straightforward, the hard part being the whole > > "don't screw up when implementing" thing, along with designing the > > base set of privs. Personally I think taking the VMS priv and quota > > system as a base is a good way to go -- it's well-respected and > > well-tested, and so far as I know theoretically sound. Unix's priv > > model's a lot more primitive, and I don't think it's the one to take. > > (We could invent our own, but history shows that people who invent > > their own security system invent ones that suck, so that looks like > > something worth avoiding) > > VMS at least *is* a priv-based security model, but VMS privs are not > appropriate for parrot on the whole.
The best known model for privileges (logic of authorisation over) is that of Oracle, RT, etc, where access over privileges is transitive. Will find good references on request/when I have more time. Bad references are available from Ravi Sandhu, but he doesn't handle transitivity or modification of rights well, if at all. S.
