
Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)



Nico,

Either you need equivalency or not.

If you do not, that part of SPIF can be stripped off.

If you do need one, the complexity, scalability, and interoperability of
other alternatives should be assessed against the SPIF approach.

(We want to compare apples to apples) 

> -----Original Message-----
> From: Nicolas Williams [mailto:Nicolas.Williams at sun.com] 
> Sent: Monday, April 06, 2009 11:16 AM
> To: Santosh Chokhani
> Cc: Kurt Zeilenga; selinux at tycho.nsa.gov; 
> labeled-nfs at linux-nfs.org; nfsv4 at ietf.org; saag at ietf.org; 
> nfs-discuss at opensolaris.org
> Subject: Re: [saag] Common labeled security (comment on 
> CALIPSO, labeled NFSv4)
> 
> On Mon, Apr 06, 2009 at 07:03:32AM -0400, Santosh Chokhani wrote:
> > I view SPIF as performing the following functions: converting machine
> > to human representation and vice versa; establishing equivalency
> > between two labeling policies, and defining which labels with the
> > lattice are valid and which are invalid.
> 
> If I understand Russ' comment correctly the difficulty with 
> SPIF lies in the label equivalency concept.  I think there's 
> a better solution for dealing with the idea that parts of a 
> policy are classified differently than others.
> 
> Nico
> -- 
> 

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.