
Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)



Nico,

The link provided by Sean should help you quite a bit.

The main module leaves it up to you to define the semantics of categories
and their interactions.  (Maybe this is consistent with what Russ is
saying about categories adding excessive complexity.)

I did not look at other modules to see if they define categories any
further. 

> -----Original Message-----
> From: Sean Turner [mailto:turners at ieca.com] 
> Sent: Saturday, April 04, 2009 9:28 PM
> To: Nicolas Williams
> Cc: Santosh Chokhani; labeled-nfs at linux-nfs.org; 
> selinux at tycho.nsa.gov; saag at ietf.org; 
> nfs-discuss at opensolaris.org; nfsv4 at ietf.org
> Subject: Re: [saag] Common labeled security (comment on 
> CALIPSO, labeled NFSv4)
> 
> Nico,
> 
> I usually try to find the corresponding ITU spec because I 
> think ITU gives out all of its ASN.1 modules freely?  
> Anyway, here's a link to the ITU-T X.841 Spec:
> http://www.itu.int/ITU-T/asn1/database/itu-t/x/x841/2000/index.html
> 
> The one thing that's missing from the module is definitions 
> for security categories.  Some suggested categories were 
> defined in Annex B, but it's an informative annex so there's 
> no ASN.1 freely available (they wouldn't allow them in the 
> normative text/module).  Those categories are based on FIPS 
> 188 (the syntax is not the same).
> 
> Note that some of the syntax for labels has made its way to 
> some IDs/RFCs notably RFC 2634.
> 
> spt
> 
> Nicolas Williams wrote:
> > On Fri, Apr 03, 2009 at 03:51:46PM -0400, Santosh Chokhani wrote:
> >> NSA document on SPIF also had ASN.1 module for SPIF.
> > 
> > Ah, good!  A link would be great.
> > 
> >> Maybe you can use the applicable concepts to get a head start on XML.
> > 
> > If the ASN.1 module can be obtained freely then the XML follows 
> > trivially (and, as I said, has already been done).
> > _______________________________________________
> > saag mailing list
> > saag at ietf.org
> > https://www.ietf.org/mailman/listinfo/saag
> > 
> 

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.