[comp.os.vms] Network-wide identifiers

IMHW400@INDYVAX.BITNET (06/24/88)

[EVERHART%ARISIA.decnet@GE-CRD.ARPA suggests a scheme for propagating security
identifiers across DECnet.]

Two thoughts on your interesting proposal:

o       Maybe the new Distributed Name Service can help out somehow?  It
        could make the identifiers' names and values known throughout the
        network, which is a start.

o       A less flexible approach can be had without so much network traffic.
        A set of identifiers {NOT_IN_AREA, NOT_SAME_IDP, NOT_TRUSTED} can
        be implemented using only information available to the service process'
        node, by examining the requestor's address.  Only NOT_TRUSTED requires
        more overhead than a longword or string comparison.  While this
        does not allow the control of individual users' access, it *does*
        allow you to lock your files against the most likely sources of
        annoyance:  other network areas (divisions?), other networks
        (organizations?), and any node known to have many holders of TWIT.
        If you don't mind some more table-lookups, you could have tables
        of trusted areas and IDPs as well.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Mark H. Wood    IMHW400@INDYVAX.BITNET   (317)274-0749 III U   U PPPP  U   U III
Indiana University - Purdue University at Indianapolis  I  U   U P   P U   U  I
799 West Michigan Street, ET 1023                       I  U   U PPPP  U   U  I
Indianapolis, IN  46202 USA                             I  U   U P     U   U  I
[@disclaimer@]                                         III  UUU  P      UUU  III
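
The second suggestion in the post above, sketched as an added example (not code from the post or from VMS): the three identifiers are derived from the requestor's address alone and then fed to a first-match ACL check. The `IDP:area.node` notation, the function names, the `*` wildcard entry and all addresses and tables are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NodeAddress:
    idp: str   # Initial Domain Part, hex digits (constructed values below)
    area: int  # DECnet area number, 1..63
    node: int  # node number within the area, 1..1023

def parse_address(text):
    """Parse the assumed notation 'IDP:area.node', e.g. '470023:12.345'."""
    idp, sep, rest = text.partition(":")
    area_s, dot, node_s = rest.partition(".")
    if not (sep and dot and idp and area_s.isdigit() and node_s.isdigit()):
        raise ValueError(f"malformed address: {text!r}")
    area, node = int(area_s), int(node_s)
    if not (1 <= area <= 63 and 1 <= node <= 1023):
        raise ValueError(f"area or node out of range: {text!r}")
    return NodeAddress(idp.upper(), area, node)

def derived_identifiers(local, requestor, untrusted_nodes):
    """Identifiers held by a remote request, computed from its address alone."""
    held = set()
    if requestor.idp != local.idp:
        held.add("NOT_SAME_IDP")
    # A node in another IDP is treated as outside the local area too.
    if requestor.idp != local.idp or requestor.area != local.area:
        held.add("NOT_IN_AREA")
    # The only check that needs a table lookup rather than a comparison.
    if requestor in untrusted_nodes:
        held.add("NOT_TRUSTED")
    return held

def access_allowed(acl, held, wanted):
    """The first matching entry decides; no match means no access in this model."""
    for identifier, access in acl:
        if identifier == "*" or identifier in held:
            return wanted in access
    return False

LOCAL = parse_address("470023:12.1")           # constructed local node
UNTRUSTED = {parse_address("470023:12.99")}    # constructed table of untrusted nodes
# Constructed ACL: no access for other networks or untrusted nodes,
# read-only for other areas, full access for everyone else.
ACL = [("NOT_SAME_IDP", set()), ("NOT_TRUSTED", set()),
       ("NOT_IN_AREA", {"READ"}), ("*", {"READ", "WRITE"})]

def check(requestor_text, wanted):
    held = derived_identifiers(LOCAL, parse_address(requestor_text), UNTRUSTED)
    return access_allowed(ACL, held, wanted)
```

Entry order matters in a first-match list: placing `NOT_IN_AREA` ahead of `NOT_SAME_IDP` would give requestors from other networks read access, since they hold both identifiers.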