Re: Row-Level Security

(2009/12/13 5:30), Stephen Frost wrote:
> Greetings,
> 
>> I'll start a new thread on this specific topic to hopefully pull out
>> anyone who's focus is more on that than on SEPG.
> 
> Row-Level security has been implemented in a number of existing
> commercial databases.  There exists an implementation of row-level
> security for PostgreSQL today in the form of SEPostgres.
> I believe there is a signfigant user base who would like RLS without
> SELinux (or perhaps with some other security manager).  As it is a
> useful feature indepenent of SELinux, it should be implemented in a way
> which doesn't depend on SELinux in any way.

Yes, it is also my plan.
If once PostgreSQL gets row-level granularity in access controls,
it is quite easy to add SELinux support as a security provider.


> I've started a wiki page to discuss this here:
> http://wiki.postgresql.org/wiki/RLS
> 
> I'd like to start a discussion about RLS for PG- design, user-interface,
> syntax, capabilities, on-disk format changes, etc.  For starters, I
> think we shoud review the existing RLS implementations.  To that end,
> I've added a number of articles about them to the wiki.  I think the
> next step is to start summarizing how those operate and important
> similarities and differences between them.  Our goal, of course, is to
> take the best of what's out there.
> 
> Please comment, update the wiki, let us know you're interested in this..

Good start, however, could you defer the discussion after the Feb-15?
My hands are now full in the security framework and SE-PgSQL/Lite. :(

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>