[cap-talk] Horton vs. ACLs - private namespaces and the Audit Problem
Rob Meijer
capibara at xs4all.nl
Fri Oct 12 05:52:57 EDT 2007
On Fri, October 12, 2007 02:43, Jed Donnelley wrote:
> On 10/11/2007 10:53 AM, Karp, Alan H wrote:
>> Jed wrote:
>>> Horton provides an alternative mechanism that doesn't require such
>>> low level logging of capability transfers. If the capability was
>>> legitimately transferred to Alan with Horton, then Alan would
>>> be listed as responsible and his access to the data would be
>>> logged in such a way as to make low level logs of capability
>>> transfers unnecessary.
>>>
>> I agree. I was pointing out that low level logs could be used to track
>> non-Horton transfers.
>
> And to summarize my response, if you consider non-Horton
> transfers as not meeting policy, then such are just a small
> fraction of many more non-policy mechanisms that would also
> not be detected by low level logs.
As stated in my previous post, I'm no longer fully sure about my folowing
position, but if you could simply state that non horton (or horton like)
transfers don't bundle accountability with responsability, you could
simply ignore them given the fact that the initiator of the transfer will
be held
accountable for any usage of the transfered, even if the receiver would be
responsible.
Rob
More information about the cap-talk
mailing list