[Security_sig] DCL security section early draft

Mary Edie Meredith maryedie at osdl.org
Tue Jan 4 14:18:22 PST 2005


Thanks so much, Emily! I have one comment below:

On Tue, 2005-01-04 at 13:57, Emily Ratliff wrote:
> Hi,
> 
> Here is another draft of the DCL security document with some suggested
> changes:
> (See attached file: DCL Security section v2withEdits.sxw)
> 
> I enabled markup so you can review and accept/reject the individual
> changes. Some of the changes were minor wording changes that you may
> not wish to take.
> 
> I think it still needs some work/input from others on the team in the
> following areas:
> 
> 1) The Discretionary Access Control capability section needs to be
> updated as Chris suggested.
> 
> 2) I added in example technologies because it helps to understand the
> requirement if you can relate to the solution (when the solution is
> better known than the requirement that motivated it). I went back and
> forth on where to add them, because they would seem better suited for
> the Capabilities section than the Assumptions section. However, when I
> tried to put them there, we seem to be missing capabilities to answer
> some of the threat assumptions. (For example, none of the capabilities
> really addresses cross-site scripting risks.)
> - Do you want to leave the technologies in where they are or move them
> to capabilities?
> - Do you/Does the team agree that we are missing capabilities?

Our intent was to list the capabilities that we could agree would come
from these assumptions.  It was not intended as a complete list.  

Once we have the assumptions vetted, then we hope to do an update of the
document where we then would do a complete job of listing the
capabilities needed for DCL.

If there are any obvious capabilities missing today, we would be happy
to add them, but given our approach, it isn't necessary to have them
immediately.

Regards,

Mary
> 
> Emily
> 
> Emily Ratliff
> IBM Linux Technology Center, Security
> CISSP #51839
> 512-838-0409 (T/L 678-0409)
> emilyr at us.ibm.com 
> 
> ______________________________________________________________________
> _______________________________________________
> security_sig mailing list
> security_sig at lists.osdl.org
> http://lists.osdl.org/mailman/listinfo/security_sig
-- 
Mary Edie Meredith 
maryedie at osdl.org
503-906-1942
Open Source Development Labs
