[104] in Open-Software-Foundation-News
Delegation access check
daemon@ATHENA.MIT.EDU (Rajesh_Agarwalla@transarc.com)
Thu Dec 29 16:05:50 1994
Resent-From: Bill Cattey <wdc@MIT.EDU>
Resent-To: osf-news-mtg@menelaus.LOCAL
Date: Thu, 29 Dec 1994 14:12:40 -0500 (EST)
From: Rajesh_Agarwalla@transarc.com
To: pato@APOLLO.HP.COM
Cc: sig-dce@osf.org, Richard_Sanzi@transarc.com, Craig_Everhart@transarc.com
Joe,
To support delegation, the authorization model needed to be extended
to allow principals access as intermediaries but not as initiators.
Additional delegate ACL entries were defined to do so. Also any
rights granted to a principal as an initiator was also granted to the
principal as an intermediary.
This suggests that "user_delegate:foo" ACL entry rights are in
addition to the rights granted by "user:foo" ACL entry when foo acts
as a delegate i.e. when a principal acts as a delegate it accrues
rights from the regular non-delegate ACL entries and the delegate ACL
entries.
The modifications made to the DFS ACL access check algorithm and the
access check algorithm in the new ACL library code however ignore the
user_delegate:foo entry in the presence of a user:foo entry when foo
is acting as a delegate i.e. its not possible to grant a principal
rights of its own accord (initiator) and additional rights as a
delegate.
The model of considering the rights granted by user_delegate:foo entry
in addition to those granted by user:foo, when foo acts as a delegate,
is more intuitive and simpler than ignoring user_delegate:foo in
presence of a user:foo. The latter implementation leads a possibility
of confusion when the ACL for a object is modifed to have a user:bar
entry when previously it only had a user_delegate:bar entry. Clients
may find that access previously granted (via delegation) is no longer
available.
Ron Arbo mentioned that this issue was discussed when the code was
implemented and that I speak with you about this. I wanted to get your
thoughts on this issue as to why the latter approach was adapted. I
would be grateful for your comments and criticism on this note.
Thanks very much
Rajesh
