Path: utzoo!utgpu!utstat!jarvis.csri.toronto.edu!mailrus!ames!pasteur!ucbvax!GATEWAY.MITRE.ORG!hal
From: hal@GATEWAY.MITRE.ORG
Newsgroups: comp.protocols.tcp-ip
Subject: IP access control
Message-ID: <8902261500.AA08325@sun.mitre.org>
Date: 26 Feb 89 15:00:42 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 14


>   Who knows if  anything was/is/will be done to permit what DoD people
>    call "discretionary" access control at the IP level. Forms include
>   "filtering" based on host identity (address), host membership in a 
>   discretionary access control group, member of a subnet.

I should have added "discretionary access control performed by the
host IP server."  A few well designed gateways have such filtering, 
some quite  elaborate; however, what about host based software.

The IP security option carries "labels", some of which can be used for
access control and others which are  "advisory."  Does anyone know if 
any product will have a clean mechanism for passing these advisory labels
up to an application which can make use of them?