home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Usenet 1994 January
/
usenetsourcesnewsgroupsinfomagicjanuary1994.iso
/
sources
/
std_unix
/
reports
/
posix.6
< prev
next >
Wrap
Text File
|
1991-09-06
|
4KB
|
144 lines
.\" Use -mm macros
.ds Rh POSIX.6: POSIX Security Extensions
.ds Au Ana Maria De Alvare\*' <anamaria@sgi.com>
.ds Dt July 8-12, 1991
.ds Lo Santa Clara, CA
.ds Ed Stephen R. Walli <stephe@usenix.org>
.ds Wd U\s-3SENIX\s0 Standards Watchdog Committee
.if '\*(Su'' \{\
.ds Su the \*(Dt meeting in \*(Lo:
.\}
.if n \{\
.tm Subject: Standards Update, \*(Rh
.tm From: \*(Ed
.tm Reply-To: std-unix@uunet.uu.net
.tm Organization: \*(Wd
.tm
.\}
.AF "\*(Ed, Report Editor"
.AU "\*(Wd"
.MT 4
.S 12
.sp
\*(Rh
.if n \{\
.nh
.na
.\}
.sp
.P
\fB\*(Au\fP reports on \*(Su
.P
Hello \s-1USENIX\s0 members!
.P
This time my report will be very brief.
It is
brief
because there were no big disagreements at the meeting,
and because
the whole week was spent in cleaning up the document for formal
ballot.
.P
This was the last meeting working in functional subgroups,
addressing discretionary and mandatory access controls
(\s-1DAC\s0 and \s-1MAC\s0),
audit,
and privileges.
At the next meeting the group will be divided into
people helping with the balloting process,
doing test assertions,
and
identifying areas that \s-1POSIX.6\s0 has not covered.
The ballot document should come out sometime after the September mailing
(September 10,
1991).
.P
\s-1POSIX.6\s0 spent the whole week addressing all the mock ballot comments
and objections.
A small group of three people,
including myself,
began working
on the first draft of the \s-1POSIX.6\s0 test methods.
The test methods
draft will be brought to the next meeting
and
people from the disbanded subgroups
will begin creating test methods for
the functions defined in \s-1POSIX.6\s0 document.
It will be a long week!
.P
So what areas aren't covered in the current \s-1POSIX.6\s0 draft?
The three major areas that I know are not covered are:
.DL
.LI
authentication,
.LI
security system administration, and
.LI
network
security.
.LE
.P
There are items in the subgroups which are also not addressed.
A portable audit format has not been fully defined,
and so
is not going out for ballot.
With mandatory access controls,
we decided at this meeting
to not enforce privileges on an implementation of multi-level
directories.
Except for some clean-up in Draft 11,
discretionary access controls remain the same.
.P
The data type issue
still remains
across the \s-1DAC\s0,
\s-1MAC\s0,
audit,
and privileges subgroups.
To interoperate between systems,
opaque objects need to be stored and retrieved without concern
for the implementation defined formats.
An opaque object model also provides consistency across the interfaces.
\s-1POSIX.6\s0 subgroups have defined a number of security related objects.
We cannot agree on a way to represent these,
but have determined four possibilities:
.DL
.LI
A Type 1 object is opaque,
and is only valid for use by the process which
gets the data,
and only for the lifetime of the process.
.LI
A Type 2 object is still opaque,
but it must be self-contained
and
persistent.
.LI
A Type 3 object is a text string with an undetermined format.
\s-1MAC\s0 labels
are represented as Type 3 data types.
.LI
A Type 4 object is a text string with a defined format.
Access Control Lists (\s-1ACL\s0s) have a
Type 4 representation.
.LE
.P
One compromise was that the subgroups would define conversion routines
for Type 2 and 3 data,
which would return an opaque object and the length in bytes of the
object.
.P
We were still unable to agree upon a uniform type representation across
the four subgroups in the July meeting.
This issue will likely be a hot one in the balloted document.
We will have to
wait
and
see what the ballot brings to resolve this.
.P
Well,
that's all folks!
Keep an eye out
for the \s-1POSIX.6\s0 ballot.
