On 11.03.25 19:46, Alan Coopersmith wrote: Hi,
This sounds partially similar to the Trusted Solaris extension, which in Solaris 10 and later relied on Solaris zones for the client isolation for each "label", and returned fake success messages to reduce the breakage on client applications (which I believe dates back to the original "Less Insecure X" paper/prototype).
a little bit similar. But XNS is more flexible, not tied to particular user or zone/container management scheme, and of course network transparent. Right now (within this PoC), the client->namespace association is based on auth token. Should IMHO be enough for surrounding infrastructure doing the provisioning depending on actual use case (a mobile device might have very different requirements than an industrial control station)
I believe Glenn Faden (the architect of Trusted Solaris) published some papers on the design & implementation as well.
thanks for the hint. --mtx -- --- Hinweis: unverschlüsselte E-Mails können leicht abgehört und manipuliert werden ! Für eine vertrauliche Kommunikation senden Sie bitte ihren GPG/PGP-Schlüssel zu. --- Enrico Weigelt, metux IT consult Free software and Linux embedded engineering i...@metux.net -- +49-151-27565287
