comp.lang.ada
From: nickroberts@blueyonder.co.uk (Nick Roberts)
Subject: Re: Advantage of XML based GUI? (was Re: Ada-inspired OS/Language)
Date: Fri, 13 Sep 2002 19:55:58 GMT
Message-ID: <3d823132.1089638283@news.cis.dfn.de>
In-Reply-To: slrnao386c.lm.randhol+news@kiuk0156.chembio.ntnu.no

On Fri, 13 Sep 2002 08:24:44 +0000 (UTC), Preben Randhol
<randhol+news@pvv.org> strongly typed:

>On Fri, 13 Sep 2002 01:53:42 GMT, Nick Roberts wrote:
>>>I hope you are thinking of doing it the UNIX way. I mean that the user
>>>does not have root/administrator privileges and that there is only one
>>>root superuser which is not used unless when one needs to install
>>>software.
>> 
>> AdaOS will be a fully object oriented OS, and its design is not closely
>> related to any of the Unixen. I am considering the various security schemes
>> offered by CORBA at the moment. I may well choose to enhance these with
>> many further facilities. 
>
>I was only thinking in the respect of how you define users.
>
>> The security mechanisms of AdaOS will be built into each object (class),
>> and will be tailored to the specific needs of that object (class); this is
>> a considerably more sophisticated approach than any isomorphic OS can
>> offer.
>
>So if somebody runs a program that contains a virus of some kind he will
>not be deleting the hard disc for example? The reason for my question was
>that one can in Linux choose to log in as root all the time when one has
>one's own machine, but this is utterly stupid. The reason is that if you
>run a rogue program it will have access to all the disc and can do
>anything as it would be run under superuser privileges. Therefore one
>makes a normal user and uses this all the time and only uses the
>superuser when one needs to install software. In Windows they put the
>superuser privileges on one of the users... That's why I'm asking.

In simple terms, we will take steps to ensure that this sort of thing cannot
happen in standard AdaOS installations.

For example, when a program is downloaded from the Internet and executed,
it will be executed with an 'authority' that is very limited (certainly
disallowing reformatting the hard disk ;-). If that program tries to access
an object it (its authority) does not have permission to access, the user
will be asked whether to grant that access; the user can say "yes" (in
which case the permission is effectively added to the authority) or "no".
Objects will have security 'groups', to make this process a little less
laborious.

In AdaOS, when a user logs on, the authentication program (called "Quis")
grants him or her a set of authorities, by the expedient of running a
representative (avatar) program, such as "Jumbo" (GUI Session Manager),
which has been granted those authorities. It is these authorities which
carry security rights and information. Whenever the program accesses
another object, it cites an authority; it is this authority that is used by
the object to check the validity of the access (and in any auditing log it
may make).

Each machine will have one special user, the 'workstation administrator',
who is granted an authority that permits full access to every object in or
created by the workstation. This will include, for example, the hard disk
(direct access to it).

However, every user will also be able (and encouraged) to define multiple
'roles' for himself or herself. Each role will define which authorities to
use in conjunction with which objects and which types of access, and a set
of authorities to grant. When the user runs a program, they specify a role,
and this controls the authorities granted to the program, and the default
ways in which it uses them to access objects.

Thus, a user could have a role "Workstation Administrator", as well as
other roles such as "Idle Web Wanderer". "Workstation Administrator" may
grant the authority that permits reformatting of the hard disk. Probably
"Idle Web Wanderer" will not. So, by citing the role "Workstation
Administrator" only when necessary, the user can help protect himself from
doing something disastrous.

-- 
Nick Roberts
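
[Added example, not part of the original post and not AdaOS code: a small Python model of the scheme described in the message above, where each access cites an authority, the object checks and logs it, a refused access may be granted by the user, and a role decides which authority is cited. All class, object and authority names are hypothetical, and the user prompt is replaced by a constructed callback.]

```python
from dataclasses import dataclass, field

@dataclass
class Authority:
    name: str
    permissions: set = field(default_factory=set)  # {(object name, access type)}

@dataclass
class SecuredObject:
    name: str
    audit: list = field(default_factory=list)

    def access(self, authority, kind, ask_user):
        """Check the cited authority; on a miss, let the user decide."""
        key = (self.name, kind)
        allowed = key in authority.permissions
        if not allowed and ask_user(authority.name, self.name, kind):
            authority.permissions.add(key)  # "yes" adds the permission
            allowed = True
        self.audit.append((authority.name, kind, "allow" if allowed else "deny"))
        return allowed

@dataclass
class Role:
    name: str
    authorities: dict  # authority name -> Authority granted under this role
    cite_for: dict     # (object name, access type) -> authority name to cite

    def request(self, obj, kind, ask_user):
        """A program run under this role cites the role's authority for obj."""
        auth_name = self.cite_for.get((obj.name, kind))
        if auth_name is None:  # role has no authority to cite: refuse and log
            obj.audit.append((None, kind, "deny"))
            return False
        return obj.access(self.authorities[auth_name], kind, ask_user)

def demo():
    disk, inbox = SecuredObject("hard_disk"), SecuredObject("downloads")
    admin = Authority("workstation_admin", {("hard_disk", "format")})
    limited = Authority("untrusted_download")  # starts with no permissions
    wanderer = Role("Idle Web Wanderer", {limited.name: limited},
                    {("hard_disk", "format"): limited.name,
                     ("downloads", "write"): limited.name})
    administrator = Role("Workstation Administrator", {admin.name: admin},
                         {("hard_disk", "format"): admin.name})
    # Constructed stand-in for the user prompt: "yes" only to download writes.
    ask_user = lambda authority, obj, kind: (obj, kind) == ("downloads", "write")
    results = [wanderer.request(disk, "format", ask_user),
               wanderer.request(inbox, "write", ask_user),
               administrator.request(disk, "format", ask_user)]
    return results, disk.audit, limited.permissions
```

[In this model the disk's audit list records which authority was cited for each attempt, so the refused format request stays attributable to the limited authority rather than to the logged-on user as a whole.]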


