On Sat, 2008-11-08 at 18:58 +0900, KaiGai Kohei wrote: > This document gives us some of hints to be considered when we > apply mandatory access control facilities on database systems. > > However, it is not a specification of SE-PostgreSQL. > The series of documents assumes traditional multi-level-security > system, so it does not care about flexible policy, type-enforcement > rules and collaborating with operating system.
I'm sorry, but I don't understand your answer. The wiki seemed to indicate, to me, that the FK situation was a problem, so I was trying to provide a solution. Personally, I could live with it either way. But the important thing is: will this aspect prevent SEPostgreSQL from achieving Common Criteria certification, or not? If it will pass, then I'm happy, even if a different, better solution exists. If it will fail, then we must act. I'm not qualified to say what will happen, but it would be good to see a very clear answer on this. If it was already resolved, then please accept my apologies for raising the issue again. Please could you update the Wiki docs to explain the agreed resolution, its reasons and references? The design choices we make will be questioned again in the future, so it will be good to have them clear. Thanks. -- Simon Riggs www.2ndQuadrant.com PostgreSQL Training, Services and Support -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
