[MeeGo-dev] Security architecture
Janne Karhunen
janne.karhunen at gmail.com
Thu Jun 10 11:59:07 PDT 2010
On Thu, Jun 10, 2010 at 9:39 PM, Shaz <shazalive at gmail.com> wrote:
>> Do you have in mind a particular use case and risks you wish to protect
>> against? I can take that example to explain how it can be done by our
>> framework.
>
> Please re-read the use-case again ... you have overly simplified it.
> Openness between manufacturer and operator is something else while openness
> with third party service providers is something else and then the policy
> management between multiple authoritative domains. The third service
> provider might not come through the operator's authoritative domain? Here
> the rights cannot be managed at operator's cloud alone!
As I said, we're not a generic security kitchen sink and have
a somewhat limited problem to solve. For now, each installation
source has a known set of credentials they can grant.
> Where does rbac play its role? Credentials ...?
We're not exactly rbac. I take it the public arch docs have been
corrected in this sense already?
> How is verification of resources performed by Aegis or whatever?
>
> How is domain isolation done?
>
> Where does LSM come into use and how is dbus utilized? I see no use of LSM
> in this scheme. All that Janne said can be done without LSM.
All in due time. Be patient.
--
// Janne