Re: A small security feature proposition

From: David Mohring <heretic ihug co nz>
To: Grzegorz Staniak <gstaniak zagiel pl>
Cc: gnome-list gnome org
Subject: Re: A small security feature proposition
Date: Sun, 04 Jun 2000 13:03:29 +1200

A more constrained approach would probably be better.

gnome-script - Safer XML scripting 
 
Create a list of approved "external file" operations in the 
same vain as the gnome mime file type list. 

Each operation would have  
   a unique identifier,
   a list of "security area group" groups to grant/deny access,
   a script to check the parameters, 
   a shell/bonobo/file template to call the operation/access the file
   and an optional template with the returned filename.

Embed the operations in the gnome xml documents by having the
gnome-script in XML with its own name space. 

Non-destructive operations/files would have a "security area" of "any".

Grant/Deny embedded script access to other operations/files based on
having the required digital signature (see
http://www.w3.org/TR/xmldsig-core/) for the "security area group".

This way you could have active document scripting on a case by case
basis.

David Mohring - "Only you can prevent forest fires"

Follow-Ups:
- Re: A small security feature proposition
  - From: Grzegorz Staniak

References:
- A small security feature proposition
  - From: Grzegorz Staniak

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]