PERFORCE change 24156 for review

Chris Costello chris at freebsd.org
Fri Jan 24 23:53:04 GMT 2003 

http://perforce.freebsd.org/chv.cgi?CH=24156

Change 24156 by chris at chris_holly on 2003/01/24 15:53:02

	o Clean up grammar a bit.
	o Change the title of "Resource Classifications" to "Subjects and
	  Objects"
	o Clarify the definition of Security Policy.  Adam Migus reports that
	  some NAI meeting came to the conclusion that we should not refer
	  to security policies as resource managers.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/book.sgml#6 edit
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-defined.sgml#3 edit
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-definitions.sgml#2 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/book.sgml#6 (text+ko) ====


==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-defined.sgml#3 (text+ko) ====

@@ -14,7 +14,7 @@
     that should not do not.  Those that should have access to the
     network have it, and those that should not do not.  Enforcing
     <emphasis>intent</emphasis> is the job of the security policy,
-    configured by the system administrator.</para>
+    as configured by the system administrator.</para>
 
   <para><emphasis>Security, therefore, is defined as the enforcement
       of a particular set of security policies.</emphasis>  The

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-definitions.sgml#2 (text+ko) ====

@@ -9,15 +9,16 @@
   <section id="introduction.security-definitions.security-policy">
     <title>Security Policy</title>
 
-    <para>While <quote>security</quote> is defined as
-      <emphasis>the enforcement of the appropriate use of system
-        resources</emphasis>, <quote>security policy</quote> is
-      defined as <emphasis>the set of rules that determine what
-        constitutes <quote>appropriate</quote></emphasis>.  These
-      rules can usually be laid out in a similar fashion to a
-      standard or RFC document: <quote>this resource MUST be used
-        in this fashion only</quote>, <quote>this resource MUST
-        NOT be used in this fashion</quote>, etc.</para>
+    <para><quote>Security</quote> is defined as <emphasis>the
+        enforcement of a particular set of security
+        policies</emphasis>.  <quote>Security policy</quote>, then, is
+      defined as <emphasis>the set of rules that determine which
+        subject/object interactions to permit, and which
+        subject/object interactions to deny</emphasis>.  These rules
+      can usually be laid out in a similar fashion to a standard or
+      RFC document: <quote>this object MUST be acted upon in this
+        fashion only</quote>, <quote>this subject MUST NOT act upon
+        this object in this fashion</quote>, etc.</para>
 
     <para>The FreeBSD operating system does not specify one single
       security policy.  Rather, a conglomeration of policies
@@ -33,10 +34,12 @@
       objects.</para>
   </section>
 
+  <!-- XXX: Can we come up with a better name for this section? -->
   <section
-           id="introduction.security-definitions.resource-classification">
-    <title>Resource Classifications</title>
+           id="introduction.security-definitions.classifications">
+    <title>Subjects and Objects</title>
 
+    <!-- XXX: Does this resource reference also need to go? -->
     <para>This document classifies system resources into
       <emphasis>subjects</emphasis> and
       <emphasis>objects</emphasis>.  Most simply, a
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list