[OpenAFS-devel] Project Proposal: Credential Process Groups (fwd)
Jeffrey Hutzelman
jhutz@cmu.edu
Wed, 06 May 2009 23:18:06 -0400
------------ Forwarded Message ------------
Date: Wednesday, May 06, 2009 12:26:34 PM -0700
From: Garrett D'Amore <Garrett.Damore@Sun.COM>
To: on-discuss@opensolaris.org, security-discuss@opensolaris.org,
kerberos-discuss@opensolaris.org, solaris driver
<driver-discuss@opensolaris.org>
Cc:
Subject: Project Proposal: Credential Process Groups
We seek the endorsement of the ON, security, Kerberos and device drivers
communities for a project that seeks to add a new, extensible process
grouping facility to OpenSolaris.
The project is called "Credentials Process Groups" (CPGs) and had a
PSARC inception on Wednesday, May 6 2009, under PSARC/2009/271.
The project leaders are Nicolas Williams and Garrett D'Amore.
Initial consumers of this project would be:
- Solaris audio (Boomer)
- Solaris Kerberos
CPGs are an extensible process grouping facility that uses cred_t for
process grouping.
The reason for using cred_t for process grouping is to make these
process groups visible to device drivers (via cred_t accessors and in
IPC (via ucred_get(3C) accessors), that is, in contexts where it's not
necessarily possible to directly or indirectly access a proc_t. The
concept comes from the Andrew File System (AFS) concept of Process
Authentication Groups (PAGs) and is similar to Linux keyrings.
Materials can be found in the ARC case directory, along with the issues
file and mail record:
http://arc.opensolaris.org/caselog/PSARC/2009/271/inception.materials/
http://arc.opensolaris.org/caselog/PSARC/2009/271/issues
http://arc.opensolaris.org/caselog/PSARC/2009/271/mail
Nico & Garrett
_______________________________________________
security-discuss mailing list
security-discuss@opensolaris.org
---------- End Forwarded Message ----------