hal@GATEWAY.MITRE.ORG (Hal Feinstein) (02/25/89)
Who knows if anything was/is/will be done to permit what DoD people call "discretionary" access control at the IP level. Forms include "filtering" based on host identity (address), host membership in a discretionary access control group, member of a subnet (perhaps via the IPSO and an RSA-like certificate). I'm told that the new thing for all sorts of access control problems is RSA-like certificates. Hope we can stand the overhead.
hal@GATEWAY.MITRE.ORG (02/26/89)
> Who knows if anything was/is/will be done to permit what DoD people
> call "discretionary" access control at the IP level. Forms include
> "filtering" based on host identity (address), host membership in a
> discretionary access control group, member of a subnet.

I should have added "discretionary access control performed by the host IP server." A few well-designed gateways have such filtering, some quite elaborate; however, what about host-based software? The IP security option carries "labels", some of which can be used for access control and others which are "advisory." Does anyone know if any product will have a clean mechanism for passing these advisory labels up to an application which can make use of them?
tsuchiya@GATEWAY.MITRE.ORG (02/27/89)
I haven't been particularly following this, but I know that Deborah Estrin's Autonets Task Force has been thinking about this stuff. In particular, she has done some work on what she calls VISAs, which are used to authenticate IP-level packets.

PT