From owner-freebsd-config  Sat Jan 31 09:59:57 1998
Return-Path: <owner-config>
Received: (from daemon@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA11784
          for config-outgoing; Sat, 31 Jan 1998 09:59:57 -0800 (PST)
          (envelope-from owner-config)
Received: from relay.cs.tcd.ie (relay.cs.tcd.ie [134.226.32.56])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA11778
          for <config@freebsd.org>; Sat, 31 Jan 1998 09:59:55 -0800 (PST)
          (envelope-from careilly@monoid.cs.tcd.ie)
Received: from monoid.cs.tcd.ie (monoid.cs.tcd.ie [134.226.38.99])
	by relay.cs.tcd.ie (8.8.7/8.8.7) with ESMTP id RAA11812
	for <config@freebsd.org>; Sat, 31 Jan 1998 17:59:50 GMT
Received: from monoid.cs.tcd.ie (localhost.my.domain [127.0.0.1])
	by monoid.cs.tcd.ie (8.8.5/8.8.5) with ESMTP id RAA11219
	for <config@freebsd.org>; Sat, 31 Jan 1998 17:56:10 GMT
Message-Id: <199801311756.RAA11219@monoid.cs.tcd.ie>
To: config@freebsd.org
Subject: Re: WebAdmin (was: RE: /usr/src/release/sysinstall needs YOU.  
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <11214.886269369.1@monoid.cs.tcd.ie>
Date: Sat, 31 Jan 1998 17:56:10 +0000
From: Colman Reilly <careilly@monoid.cs.tcd.ie>
Sender: owner-config@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

[I'm resending this. I think I managed to misaddress this the first time.]

Mike said: 
        > OK.  Enough goading.  :-)

        OK.  8)  I saved this mesasge because it's a good place to start
        plugging Juliet again.  8)

        > I don't feel qualified enough to start down this path alone.   
	 There
        > are a lot of nontrivial security issues to deal with, and a lot   
	of
        > nontrivial configuration issues to deal with, too.

        This becomes easier when you layer the security issues.  I would   
	stop
        worrying about them for starters.

I've written up and published a summary of the architectural discussions   as
I understand them together with some of my thoughts on the security   issues
at http://www.cs.tcd.ie/~careilly/portia/ArchNotes. The network here has   been
a bit unstable over the last week or two so it may be a bit unreliable.
(Something to do with ATM switches I believe. What a suprise.)

It's only a draft that I knocked up over the last hour, so excuse the  quality.
I'll try and keep it up to date as the discussion progresses and I'll try
to write up a comprehensible explanation of what I mean by a "layered  access
control system" (LAX) over the weekend.

Apologies in advance if I've mis-interpreted any of the discussion. 

Colman