On Mon, Apr 06, 2009 at 11:51:38AM -0400, Santosh Chokhani wrote: > Either you need equivalency or not. > > If you do not, that part of SPIF can be stripped off. > > If you do need one, the complexity, scalability, and interoperability of > other alternatives should be assessed against SPIF approach. Indeed. I think, however, that it will be necessary to support policies parts of which are classified differently from each other. It'd be nice to be able to get rid of such a complication. But you can see why this is needed. Remember that during WWII very few people on the Allied side knew about some of the cryptanalysis efforts being made, and, IIRC, all such information was classified as "Ultra" and no one who didn't have Ultra clearance was allowed to know that Ultra existed (presumably because public knowledge of such a classification might have caused the enemy to wonder). Today the names and existence of specific compartments rather than specific sensitivity level, are likley to be the cause of thie requirement. Nico -- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
