the three security architectures
cap@novosoft.nsc.ru
Fri, 23 Jun 2000 20:12:13 +0700
This is a "first impression" response and it is not yet well thought out.
A few words in defence of the principal system. I'm not very fond of it, but I
feel that your post is a bit one-sided.
The principal system has defects, but it is used because it is simple. The principal
system has a very simple concept of administration. It has declarative
security management that is easy for the average user to understand.
The principal system makes simple things simple (complicated cases become too
complex, but that is another story). It is very simple and intuitively obvious
(after reading the manuals) (but intuition may go wrong in complicated cases)
in a principal system to do the following things:
1. Specifying the initial state of the system.
2. Examining the current state of the system.
3. Granting/revoking rights in batches aligned with real-world
organizational concepts.
4. Undeploying and redeploying components in the system. (Install/uninstall
a program, add/remove a file, etc.)
5. Limiting the harm the user can do (suid introduces problems here).
6. Little effort needed for adding a program to the system.
7. Unified administration framework. (Concentration of administration tools
at the OS level.)
8. (add something yourself)
I urge to see simple administration concepts for capability systems. I would
like to see concepts that communicate capability system administration well
and make it simple and obvious. Capability systems should currently be configured
in a programmatic way; ACLs have had declarative administration from the
start.
I do not say that simplicity is impossible. But there is currently something
like the following choice:
1. A lot of micromanagement in administration. (Administrators' time is
expensive.)
2. Emulating a principal system over a capability system and losing the capability
system's benefits.
I hope something else is possible because I like neither variant. Ease of
use and administration concepts are not yet developed for capability
systems.
Ease of use and administration should be addressed in your post. If they
are not addressed, the article may be discarded as biased.
Constantine