Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!columbia!rutgers!ucla-cs!zen!ucbvax!noah.arc.CDN!kenw
From: kenw@noah.arc.CDN (Ken Wallewein)
Newsgroups: comp.os.vms
Subject: Protected access to data files
Message-ID: <716*kenw@noah.arc.cdn>
Date: Wed, 5-Aug-87 08:12:36 EDT
Article-I.D.: noah.716*kenw
Posted: Wed Aug  5 08:12:36 1987
Date-Received: Sat, 8-Aug-87 00:45:49 EDT
References: <870728214511.00l@Sds.Sdsc.Edu>
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 37

>  It would be desirable if non-privileged programmers could control
>    access to their data files through the programs that they write. An
>    "end-user" could only access the data through the program - not
>    DCL or a program that the end-user might write. A solution to
>    this problem should NOT require the system manager to install the
>    non-privileged programmers image.

  You're talking about an application for one of my pet ideas: A way to access
user-written software via a device driver. 
 
  Consider: You define a logical for the file/service desired, and everyone
opens it like a file. On the other end, maybe it opens a file, maybe it runs a
program that opens a file, maybe something else. The server program may use
it's own access control list, or whatever. 

  A given piece of application software shouldn't need to distinguish between
active and passive files. Just open it, do reads and writes, and close it.
Who care what the actual data path is?

  Except... say you wanted your files to be encrypted, but you didn't want
every application that accessed them to containg the encryption/decryption
algorithms? Active files to the rescue! Your front end does it all.

  You could sort of fake it by using mailboxes and a detached process. However,
access control is poor, and there is no way to do special open/close handling.
Also read/write syncronization is very weak, and shared access could get rather
tricky. What we want is transparency at the user level, right?

  I think such a piece of software would have so many uses we'll never be able
anticipate them all. Come on, all you device driver hacks, what do you think?
One of these days, if I ever learn enough about it, I way just write one
myself! 

/kenw
                                                                 A L B E R T A
Ken Wallewein                                                  R E S E A R C H
                                                                 C O U N C I L