[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)

From: Nicolas Williams <Nicolas.Williams at sun.com>
To: Santosh Chokhani <SChokhani at cygnacom.com>
Cc: selinux at tycho.nsa.gov, labeled-nfs at linux-nfs.org, Kurt Zeilenga <Kurt.Zeilenga at Isode.com>, nfsv4 at ietf.org, saag at ietf.org, nfs-discuss at opensolaris.org
Date: Mon, 6 Apr 2009 10:16:06 -0500
In-reply-to: <FAD1CF17F2A45B43ADE04E140BA83D48A9FFE9 at scygexch1.cygnacom.com>
References: <20090402154402.GM1500 at Sun.COM> <FAD1CF17F2A45B43ADE04E140BA83D48A9FF82 at scygexch1.cygnacom.com> <20090403164522.DEA9A9A4739 at odin.smetech.net> <9C2457A4-328A-4A68-A9D2-6E4B5544078D at Isode.com> <FAD1CF17F2A45B43ADE04E140BA83D48A9FFE0 at scygexch1.cygnacom.com> <B8FB99E8-17AA-4D4B-A309-8AF79838A304 at Isode.com> <FAD1CF17F2A45B43ADE04E140BA83D48A9FFE9 at scygexch1.cygnacom.com>

On Mon, Apr 06, 2009 at 07:03:32AM -0400, Santosh Chokhani wrote:
> I view SPIF as performing the following functions: converting machine to
> human representation and vice versa; establishing equivalency between
> two labeling policies, and defining which labels with the lattice are
> valid and which are invalid.

If I understand Russ' comment correctly the difficulty with SPIF lies in
the label equivalency concept.  I think there's a better solution for
dealing with the idea that parts of a policy are classified differently
than others.

Nico
--

Follow-Ups:
- Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
  - From: Russ Housley
- Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
  - From: Santosh Chokhani

References:
- [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
  - From: Nicolas Williams
- Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
  - From: Santosh Chokhani
- Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
  - From: Russ Housley
- Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
  - From: Kurt Zeilenga
- Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
  - From: Santosh Chokhani
- Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
  - From: Kurt Zeilenga
- Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
  - From: Santosh Chokhani

Prev by Date: Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
Next by Date: Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
Previous by thread: Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
Next by thread: Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.