Technical Summary
This Internet-Draft outlines high-level requirements for the
integration of flexible Mandatory Access Control (MAC)
functionality into NFSv4. It describes the level of
protections that should be provided over protocol components
and the basic structure of the proposed system. It also gives
a brief explanation of what kinds of protections MAC systems
offer.
Working Group Summary
After building the relavent use cases for labeling within
the NFS protocol, there has been broad consensus in the
working group for support of Mandatory Access Control (MAC)
funtionality.
Document Quality
The requirements and use cases captured in this Internet Draft
are built from a long history of operating systems security
structure and use. This document captures the best method
through years of implementation in other file system contexts
along with the implementation in SELinux of an NFS feature set
much like what is captured in the requirements. The content
of this document has received quality feedback and review
throughout its life.
Personnel
Spencer Shepler (NFSv4 WG co-chair) is the document shepherd
Martin Stiemerling is the Responsible Area Director.