> [1] Make a consensus that different security mechanisms have differences
> in its decision making, its gulanuality and its scope
>
> I think it is the most straightforward answer.
> As operating system doing, DAC and MAC based access controls should be
> independently applied on accesses from users, and this model is widely
> accepted.
> These facilities can also have different results, gulanualities and scopes.
>
>
> [2] Make a new implementation of OS-independent fine grained access control
>
> If it is really really necessary, I may try to implement a new separated
> fine-grained access control mechanism due to the CommitFest:Nov.
> However, we don't have enough days to develop one more new feature from
> the scratch by the deadline.
I reconsidered the above two options have no differences fundamentally.
In other word, making a new enhanced security implementation based on
requirements also means making a consensus various security mechanism
can have its individual rules including guranuality of access controls.
So, I'll decide to try to implement "fine-grained-only" security
mechanism also, because someone have such a requirememt.
However, its schedule is extremely severe, if is has to be submitted
due to the deadline of CommitFest:Nov.
It is my hope to concentrate development of SE-PostgreSQL in v8.4
development cycle, and I think the above "fine-grained-only" one
should be pushed to v8.5 cycle.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>