Secure Coding mailing list archives
RE: ACL (access control lists) generic design questions
From: "Shea, Brian A" <Brian.A.Shea () bankofamerica com>
Date: Thu, 26 Feb 2004 20:17:21 +0000
Would you want to ad any ACL ability or attributes for Meta-Data on objects? or would that ACL be on a different object? -----Original Message----- From: William Herrera [mailto:[EMAIL PROTECTED] Sent: Thursday, February 26, 2004 12:20 AM To: [EMAIL PROTECTED] Subject: [SC-L] ACL (access control lists) generic design questions Hello folks, I think some here might have suggestions about improvements to existing ACL's. I'm working on an extensible access-control-list style authorization system, beyond the usual read/write authorization schemes, probably to be written as a Perl module for CGI use and using a database on the back end. This is designed to allow fine control over the use of data and other objects by a given user. Right now it mainly uses read/append/edit/delete modes, since in its present alpha form it has a well defined groupware use, but I intend to make it more flexible than that, generic enough to be used as a general-purpose open source perl object authorization module. In doing so, I'd like to define modes of access beyond the ones allowed by Unix and Windows ACL's. These, so far, include: list object (see the object in a ls or dir listing) read or view object append (simple data) to object add link (to another object) within the object edit (change existing object's data or structure) delete object undelete or roll back object to a prior state administer (change object's authorizations or modes) ownership (to be the creator of the object or equivalent) Does anyone know of an access control type they've wanted in an access control list but not had?
Current thread:
- ACL (access control lists) generic design questions William Herrera (Feb 26)
- Re: ACL (access control lists) generic design questions Richard Moore (Feb 26)
- Re: ACL (access control lists) generic design questions Glenn and Mary Everhart (Feb 27)
- RE: ACL (access control lists) generic design questions Bill Eddins (Feb 27)
- RE: ACL (access control lists) generic design questions (oh, and Reply-To) Kim Gräsman (Mar 01)
- <Possible follow-ups>
- RE: ACL (access control lists) generic design questions Shea, Brian A (Feb 26)
- Re: ACL (access control lists) generic design questions Peter G. Neumann (Feb 26)