[Pipet Devel] VSH Security model

jarl van katwijk jarl at casema.net
Tue Apr 11 01:42:22 EDT 2000

> >         2) DL, Definition layer, coordination engine for scheduling UI's and
> >                 partial sharing of structure data. Logs into the BL.
> >         3) BL, Brokering layer, engine for handling subnets, authentication of
> >                 DL's and parsing to the PL. Wraps application plugins.
> >         4) PL, Processing layer, holds the nodes, wraps (terminal?) applications
> >                 and performs nodes processing.
> What actually holds the 'structure data' and manages the direct manipulation
> of it?

I'm thinking the PL (overflow) holds all structures that come out of the UI\DL. The BL
holds a subset of this information needed for real life operation, like inet
and encryption keys. The BL will define this information by applying static logic.

> >         Authentication system:
> >         0) Localhost has running VSH core, cq a BL\PL process.
> >         1) UI's spawn a new DL.
> >         2) DL's login to BL by their dlID and blPassword.
> >         2a) The 1st DL logging into a BL becomes the root DL and has the ability
> >                 to authorize other DL's to log into the BL. (AddDL();)
> >         2b) All subnets created by a DL are marked by the idDL and have the same
> >                 login ability (or: idDL+blPassword) as their parent. Subnets can
> >                 therefore be relocated or mirrored inside a remote BL\PL process.
> >         3) DL's can login to other DL's by dlID and dlPassword. Note dlPassword
> >                 is NOT blPassword. These are 2 separate id+password tables.
> I can see a problem or conflict with the filesystem proposal here.  A change
> made to a network by a second user, during the time when the first user is
> working on the network (and has not saved his changes), is a Bad Thing.

Ic. We need some locking system. I'll think about it (too).

> I proposed that the whole volume or network be locked by the first user who
> mounts it.  This is what all multi-user OSes do to an extent (maybe files are
> locked rather than whole volumes).  And I see it as the simplest way to
> prevent the problem.  But it means you just can't have DL's share a network.

I thought this DL's sharing its nodes with another DL is something that Loci would
have gotten?

Also I'll think about the distributed filesystem proposal;
when I understand it I'll give my views on it.
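
The login rules quoted above (steps 2, 2a and 3), as an added Python sketch that is not part of the original post or of the Pipet/VSH code. The class and method names, the enrolment of the first DL with the password it presents, and the salted PBKDF2 storage are assumptions; the post itself only names dlID, blPassword, dlPassword and AddDL().

```python
import hashlib
import hmac
import os

class CredTable:
    """One id+password table; stores salted PBKDF2 hashes, never the password."""

    def __init__(self):
        self._rows = {}

    def set(self, ident, password):
        salt = os.urandom(16)
        self._rows[ident] = (salt, self._kdf(password, salt))

    def check(self, ident, password):
        # Unknown ids still cost one KDF call and then fail the comparison.
        salt, want = self._rows.get(ident, (b"\0" * 16, b""))
        return hmac.compare_digest(self._kdf(password, salt), want)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class BL:
    """Brokering layer: dlID + blPassword table; first DL to log in is root."""

    def __init__(self):
        self.table = CredTable()
        self.root = None

    def login(self, dl_id, bl_password):
        if self.root is None:  # step 2a; enrolling on first login is assumed
            self.table.set(dl_id, bl_password)
            self.root = dl_id
            return True
        return self.table.check(dl_id, bl_password)

    def add_dl(self, caller, caller_pw, new_id, new_pw):  # AddDL() in the post
        if caller != self.root or not self.table.check(caller, caller_pw):
            raise PermissionError("only the root DL may authorize other DLs")
        self.table.set(new_id, new_pw)

class DL:
    """Definition layer: its own dlID + dlPassword table for peer DLs (step 3)."""

    def __init__(self):
        self.peers = CredTable()

    def login(self, peer_id, dl_password):
        return self.peers.check(peer_id, dl_password)
```

Because the first login claims root, whichever DL reaches a fresh BL first controls who else may log in; keeping the two tables in separate objects means a blPassword is never accepted for a DL-to-DL login.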
