DataMuseum.dk
Presents historical artifacts from the history of: DKUUG/EUUG Conference tapes
This is an automatic "excavation" of a thematic subset of
See our Wiki for more about DKUUG/EUUG Conference tapes
Excavated with: AutoArchaeologist - Free & Open Source Software.
Length: 99125 (0x18335)
Types: TextFile
Names: »draft-ietf-tnfs-spec-00.ps«

└─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen
    └─⟦this⟧ »./papers/IETF-drafts/draft-ietf-tnfs-spec-00.ps«

INTERNET-DRAFT          TNFS Protocol Specification          July, 1991
Trusted Systems Interoperability Group

Request for Comments On A Specification of
Trusted NFS (TNFS) Protocol Extensions

1. Status Of This Memo

This draft document specifies extensions to RFC 1094 [1] which support network file access in a multilevel secure (MLS) network environment¹. This draft was approved by the Trusted Systems Interoperability Group (TSIG), whose charter is to promote multi-vendor trusted system interoperability.

   ¹ Multilevel Secure systems include, for example, support for B1 and CMW security policies.

2. Abstract

Additional functionality has been developed for UNIX† systems to address the TCSEC [2] requirements for trusted systems. New requirements are driving efforts to develop interoperable, networked solutions for trusted UNIX environments. A specific approach for addressing TCSEC MLS requirements is identified in the CMW requirements document [3]. Developing support for network interoperability among MLS classified systems is a primary goal of the trusted UNIX community.

   † UNIX is a registered trademark of A. T. & T.

Sun Microsystems' Network File System V2 protocol is an industry (de facto) standard network file access mechanism, and represents one of the key components of system interoperability in the current UNIX networking market. This draft document describes extensions to the NFS V2 protocol which support network file access in an MLS network environment. It will be submitted to the RFC editor as a protocol specification. Distribution of this draft document is unlimited. Please send comments to the author at the address identified in section 6 below.

3. MLS Security Extensions

MLS security functionality includes discretionary access control (DAC), subject and object security labeling, mandatory access control (MAC), authentication, auditing, and documentation. Exchanging information between MLS systems requires communicating additional security information along with the actual data.

The primary goal of this specification is to describe extensions to the NFS V2 protocol which support network file access between MLS systems with a minimal impact on the existing NFS V2 environment². It is also intended that this MLS environment will permit unmodified NFS clients and servers to continue to be fully supported.

   ² Revisions to the NFS V2 protocol have been specified and presented for comment to the NFS community; this document addresses extensions to the V2 protocol only.

The general approach used in extending the NFS V2 protocol is to transport additional user context in the form of an extended NFS UNIX style credential between a Trusted NFS (TNFS) client and server, and to map that context into the appropriate server security policies which address file access. In addition, security file attributes are returned with each NFS (TNFS) procedure call. Otherwise, the NFS V2 protocol remains essentially unchanged.

Two companion documents [4][5] complete the set of documentation describing the TNFS environment.

3.1. The Extended User Context

The Sun RPC protocol [6][7] includes two authentication parameters in a request message:

      an authentication credential - used to identify or present a client subject's credentials to a server along with a given request for access or information, and

      an authentication verifier - used to validate the subject's credentials,

and an authentication verifier in the RPC response message.

An NFS server uses the client subject's credentials to perform appropriate access checks prior to servicing the request. The verifier parameter in the RPC request message is used to authenticate the client subject's credentials³.

   ³ Authentication of client and server identities is not currently addressed in this specification, but will be addressed in a future revision.

Several styles of authentication are currently defined for NFS⁴, and an NFS server may elect to support multiple authentication styles concurrently. A new RPC authentication style, AUTH_MLS, is defined for use in the TNFS environment. The definition of the AUTH_MLS credential combines the information in the AUTH_UNIX credential with extensions for the additional security attributes:

   ⁴ Styles currently defined are AUTH_NONE, AUTH_UNIX, AUTH_SHORT, and AUTH_DES.

      o  audit id - immutable subject (user) identifier, not affected by modifications to either the real or effective user or group identifiers,

      o  sensitivity label - used with a MAC policy; a subject generally has a static, top-level clearance, but is permitted to execute processes at a sensitivity level different from (i.e. lower than) his/her actual clearance,

      o  information label - also used with a MAC policy; dynamically adjusted based upon the information content associated with the subject (or object),

      o  integrity label - used with commercial, multi-party security policy (e.g. Clark-Wilson [8], Biba [9]),

      o  privilege mask - used to identify privileges (e.g. chown, chmod) or "rights" granted to a given subject, generally to override an existing security policy, and

      o  national caveat label - used with multi-national security policy [10]

The additional security attributes will actually be represented within the AUTH_MLS credential by fixed size tokens, which can support multiple translation schemes through the use of an appropriate translation mechanism [5]. For instance, mechanisms such as M.I.T. Project Athena's Hesiod/BIND or Sun Microsystems' NIS⁵ lookup service could be used to support the translation of tokens and security attribute information.

   ⁵ Network Information Service, known previously as the Yellow Pages Service.

There are several advantages to the use of a token translation model. One major advantage is that the actual security attribute information may be defined within the translation service, while the attribute representation may be defined by a small, fixed sized token within the relatively small amount of unallocated space in the credential structure. A second advantage of a translation model is that it may accommodate multiple security policies and translations. Finally, a token translation model permits security policies to be developed independently from the translation mechanism. Tokens are transferred within the AUTH_MLS credential as opaque objects which are given context by the security policy mechanisms implemented by the TNFS clients and servers.

Note that although tokens are defined as opaque objects, tokens which represent the same security attribute and which reside within the same translation scheme may be compared for equality. This characteristic permits tokens representing a specific security attribute to be referenced in comparisons without requiring the tokens to be translated.

3.2. Network Provided Security Attribute Labels

Support for the transfer of MAC sensitivity labels for the Internet Protocol Suite has been addressed by the CIPSO [11] and RIPSO [12] documents. The security information defined within the AUTH_MLS credential, however, provides for the transfer of security attributes required to support MLS access policies without requiring the underlying network layer to provide security attribute information. Transferring security attributes within the RPC layer also provides for the support of a policy where data may be transferred with a security classification which is different from the security classification of the network layer. For instance, file data with a given security classification might first be encrypted and then transferred through a network with a lower security classification. If security attributes are provided by both the RPC layer and the underlying network layer, then the security attribute information provided within the AUTH_MLS credential shall be applied to the file data transferred within the RPC message.

3.3. Discretionary Access Control

A Discretionary Access Control (DAC) policy provides for the restriction of subject access to objects based on the identity of subjects and/or the groups of which they are members. Most secure systems address DAC requirements through the use of access control lists. Associated with each file is a list which identifies the set of user and group combinations authorized to access the file, along with the access privileges associated with each combination.

The information contained in the AUTH_MLS credential of a TNFS client request includes user and group identification sufficient to permit the server to apply appropriate DAC policies in controlling access to its shared, local file objects. For example, the subject represented by the user and/or group identifiers contained in the client request may be checked against the access control list information associated with the referenced file on the server. Access control list information is not required to be transmitted from the client to the server in support of a server based access control policy. Client based support for access control of server based file objects is discussed below in the section which describes the extended attribute cache.

3.4. Mandatory Access Control

A Mandatory Access Control (MAC) policy provides for the restriction of subject access to objects based on the sensitivity of the information contained in the objects. MAC policies thus include assigning levels of trust or clearance to system users (subjects), and levels of sensitivity to system objects, and then ensuring that only users with sufficient clearance can access the classified information.

3.4.1. Sensitivity Labels

When MAC policies are enabled, each system subject and object is created with a sensitivity label, and the system MAC policies compare the labels when determining access.

The AUTH_MLS credential contains the sensitivity label information associated with the TNFS client subject (application) making the access request. This information is sufficient to permit the MAC policy checking mechanism on the server to determine whether to permit access to the requested object or information.

3.4.2. Information Labels

Information labels represent the actual sensitivity of a given subject or object, and permit the additional identification of control markings for a given piece of information. The information label is dynamically adjusted on both subjects and objects to the highest sensitivity level reflected by a subject/object pair: if a subject issues a write request to an object, the information label of the object will be adjusted (if necessary) to the level defined by the information label of the subject; if a subject issues a read request to an object, the information label of the subject will be adjusted to the level defined by the information label of the object. Note that information labels are adjusted upwards as a result of these actions; information labels are never automatically adjusted to a lower level.

The AUTH_MLS credential in the RPC request message contains the current information label associated with a TNFS client application (subject), and permits a remote file's object information label to be adjusted (if necessary) as a result of a client generated write operation. The TNFS reply message includes a field for the information label associated with an accessed file object, permitting the subject's information label to be adjusted (if necessary) as a result of a client generated read operation.

These extensions are sufficient to support the MAC information label policies with respect to network file access.
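
The information label adjustment described in section 3.4.2 of the draft, modelled as an added example; it is not part of the draft or of any TNFS implementation. The class names, the four-level ordering, the PROJ-A marking and the rule that markings are merged are assumptions, and labels are shown already translated rather than as the opaque tokens the AUTH_MLS credential carries.

```python
"""Model of the information-label adjustment in section 3.4.2 (added example).

MAC sensitivity-label checks and DAC checks are out of scope here.
"""
from dataclasses import dataclass

# Assumed level ordering; the draft does not enumerate levels.
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")


@dataclass(frozen=True)
class InfoLabel:
    """Information label: a level plus control markings (assumed representation).

    On the wire the draft carries labels as opaque fixed-size tokens; this
    example works on labels that have already been translated.
    """
    level: int
    markings: frozenset = frozenset()

    def float_to(self, other):
        """Return the adjusted label: never lower than self or other."""
        return InfoLabel(max(self.level, other.level),
                         self.markings | other.markings)

    def __str__(self):
        marks = "/".join(sorted(self.markings))
        return LEVELS[self.level] + (" " + marks if marks else "")


@dataclass
class AuthMLSCredential:
    """Only the AUTH_MLS fields this example needs (hypothetical layout)."""
    uid: int
    info_label: InfoLabel


@dataclass
class ServerFile:
    info_label: InfoLabel
    data: bytes = b""


class TNFSServer:
    def __init__(self, files):
        self.files = files  # name -> ServerFile

    def write(self, cred, name, data):
        f = self.files[name]
        # Write: the object's label floats up to the subject's label.
        f.info_label = f.info_label.float_to(cred.info_label)
        f.data += data
        return f.info_label  # the reply carries the file's information label

    def read(self, cred, name):
        f = self.files[name]
        return f.data, f.info_label


class TNFSClientSubject:
    def __init__(self, uid, info_label):
        self.uid = uid
        self.info_label = info_label

    def _cred(self):
        # Each request carries the subject's current information label.
        return AuthMLSCredential(self.uid, self.info_label)

    def write(self, server, name, data):
        return server.write(self._cred(), name, data)

    def read(self, server, name):
        data, file_label = server.read(self._cred(), name)
        # Read: the subject's label floats up to the object's label.
        self.info_label = self.info_label.float_to(file_label)
        return data


def demo():
    """Constructed scenario: a label picked up by a read follows later writes."""
    secret_a = InfoLabel(2, frozenset({"PROJ-A"}))  # constructed marking
    server = TNFSServer({
        "plan.txt": ServerFile(secret_a, b"constructed sample data"),
        "motd.txt": ServerFile(InfoLabel(0), b"hello"),
        "scratch.txt": ServerFile(InfoLabel(0)),
    })
    subject = TNFSClientSubject(uid=1001, info_label=InfoLabel(1))
    trace = []
    subject.read(server, "plan.txt")    # CONFIDENTIAL -> SECRET PROJ-A
    trace.append(str(subject.info_label))
    subject.read(server, "motd.txt")    # lower-labelled file: no downgrade
    trace.append(str(subject.info_label))
    subject.write(server, "scratch.txt", b"notes")  # file floats up
    trace.append(str(server.files["scratch.txt"].info_label))
    low = TNFSClientSubject(uid=1002, info_label=InfoLabel(0))
    low.write(server, "plan.txt", b"!")  # write from below: file label kept
    trace.append(str(server.files["plan.txt"].info_label))
    return subject, server, trace


if __name__ == "__main__":
    for line in demo()[2]:
        print(line)
```

The scratch file ends up labelled SECRET PROJ-A even though the subject started at CONFIDENTIAL, which is the propagation the upward-only rule is meant to record.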

3.5. MAC and DAC Coverage with TNFS

In an MLS environment, both DAC and MAC access control policies are applied in determining access to a given object. In a network environment of MLS systems participating in TNFS file access, the AUTH_MLS credential permits a TNFS server to apply both DAC and MAC policies in consideration of a request from a remote NFS client subject. Thus, MLS based network file access using the NFS V2 protocol can be supported through the use of the AUTH_MLS credential. Listing or modifying the DAC and MAC security attributes of a server's file from a client, however, requires additional protocol extensions. Identifying additional security access restrictions when a request is made to open a remote file is also considered to be a requirement. Extensions designed to satisfy these requirements are addressed by the TNFS protocol, and are described
in the next subsections.

3.5.1. Remote Access to Extended File Attributes

The TCSEC notion of appropriate privilege is an integral part of the MLS environment. It is expected that a subject with appropriate privilege will want to gain access to the additional file attribute information for the purposes of modification and/or viewing of that information. Subject privileges are defined within the AUTH_MLS credential. Note, however, that the privileges associated with a given subject on a given client system may not be extended to the subject on a given server. Although most subjects will likely retain their privileges on the server, a client administrator, for example, may not be granted administrative privileges on the server.

The DAC and MAC security attribute information includes MAC and information labels, and access control list information (ACLs). Supporting remote
access to this information is more difficult to address in the network environment, since:

     o    it requires transmitting additional file security attribute information (or its representation) "over the wire", and

     o    additional file attribute information cannot be accommodated in the existing NFS V2 protocol file attribute data structures; additional support setting and getting the extended security attributes is required

Thus, extensions to the NFS V2 protocol procedures have been defined to support access to the extended attributes of served files. The complete set of NFS protocol procedures and security extensions are referred to in this document as the TNFS protocol.

3.5.2. File Open Enhancement

Using the NFS V2 protocol, a client request to open(2) a remote file on the server may be translated by the client into a GETATTR procedure
call for the current directory [footnote 6], followed by a LOOKUP procedure call for the file to be opened. If valid responses from these procedure calls are returned, the client's NFS file attribute cache is updated, and an open file descriptor may be returned to the requesting application.

Since the NFS V2 protocol does not transmit an actual open request to the server, however, an MLS server will not be able to apply the appropriate DAC and MAC policy at the time of the open request, and the application may find that it has successfully opened the file, but that it cannot access the file due to stronger access control policies being applied by the server in response to specific client access requests.

An access protocol procedure would permit the client to determine whether access to the file would be supported by the server, based on the application's open request type and the associated extended security attribute information. An additional TNFS protocol procedure has been defined to address this issue.

3.5.3. TNFS Protocol Extensions

Extensions to the NFS V2 protocol are defined in this section of the specification. These extensions are designed to support remote access to the security file attribute extensions, and to support the file open enhancement.

[footnote 6] Depends on the presence of valid attributes in the lookup cache (DNLC).

3.5.3.1. Data Structure Definitions

The definitions which support the MLS extensions are described in this section. Since the definitions for the TNFS protocol are an extension of the original NFS V2 protocol, this specification
will include all of the extended data structure definitions, and a few of the original definitions for clarity. Note that the arguments and results are defined using the RPC language.

The following RPC constants are used to identify the TNFS extensions which support MLS security policies. The TNFS program will be registered as a separate service with the RPC port mapping service, but will share the same UDP [13] port number with the original NFS V2 service. Registration as a different service distinguishes the TNFS service from the original NFS V2 service. The use of a different version number distinguishes each request/response message.

     PROGRAM    390086    /* TNFS Program Number */
     VERSION    1         /* TNFS Version 1 */
     PORT       2049      /* Original NFS Port */

The stat type is returned from every procedure call. A
value of NFS_OK indicates the call completed successfully. Other values indicate that an error occurred during the servicing of the request. Note: this structure is unchanged from the NFS V2 Protocol Specification. It is (partially) reproduced here for clarity.

     stat

     enum stat {
         NFS_OK = 0,
         NFSERR_PERM = 1,
         NFSERR_NOENT = 2,
         . . .
         [other NFS errors as defined in the V2 protocol specification]
     };

The credential parameter is included in each RPC request message, and is used to supply the client subject's credentials to the server. The AUTH_MLS credential will be used with the TNFS procedure calls and is defined as follows:

     #define AUTH_MLS 200000          /* decimal */

     #define MLS_TOKEN_SIZE 4         /* 4 octets or 32 bits */

     typedef opaque t_token[MLS_TOKEN_SIZE];   /* tokens are opaque */

     struct authmls_cred {
         u_long  auc_stamp;           /* arbitrary ID */
         char    auc_machname<255>;   /* machine name */
         u_long  auc_uid;             /* effective uid */
         u_long  auc_gid;             /* effective gid */
         u_long  auc_len;             /* len of groups list */
         u_long  auc_gids<24>;        /* groups */
         u_long  auc_aid;             /* audit id */
         t_token auc_privs;           /* privileges token */
         t_token auc_sens;            /* sensitivity token */
         t_token auc_info;            /* information token */
         t_token auc_integ;           /* integrity token */
         t_token auc_ncs;             /* national caveat set token */
     };

     Note that if a given security attribute is not being exchanged, then the corresponding credential token values shall be set to all zeros. A given security policy may require that only a subset of the security attributes provided for in this specification be exchanged. For example, a C2 network security policy requires the support of privileges, and might also require support for Access Control Lists (ACLs). In that case, the sensitivity, information, integrity, and national caveat token values shall be set to all zeros in the exchange messages.

The fattr structure defines the complete set of file attributes of a file. The extended fattr structure combines the NFS V2 fattr structure with additional fields for a file's security attributes. The security attributes are represented by tokens.

     struct fattr {
         ftype   type;        /* file type */
         u_long  mode;        /* encoded access mode */
         u_long  nlink;       /* number of hard links */
         u_long  uid;         /* file's owner id */
         u_long  gid;         /* file's group id */
         u_long  size;        /* file size in bytes */
         u_long  blocksize;   /* number bytes/block */
         u_long  rdev;        /* device number of the file */
         u_long  blocks;      /* current number of blocks */
         u_long  fsid;        /* file system id */
         u_long  fileid;      /* unique file identifier */
         timeval atime;       /* time of file's last access */
         timeval mtime;       /* time last modified (written) */
         timeval ctime;       /* time of last attribute change */
         t_token privs;       /* privileges token */
         t_token sens;        /* sensitivity token */
         t_token info;        /* information token */
         t_token integ;       /* integrity token */
         t_token ncs;         /* national caveat set token */
         t_token acl;         /* access control list token */
     };

     Note that if a given security attribute is not being exchanged, then the corresponding file attribute token values shall be set to all zeros.

     Note also that the value of information
     token, info, in the fattr structure of the response message shall be non-zero if:

     (1)  the server supports an information label security policy, and

     (2)  the subject's (requester's) information label requires adjustment as a result of the support of that policy

     Otherwise, the information token field shall be set to all zeros.

The sattr structure defines the file attributes which can be set from the client. The extended sattr structure combines the NFS V2 sattr structure with additional fields for the security attributes, which are represented by tokens. A token value of all zeros indicates that the token field is to be ignored.

     struct sattr {
         u_long  mode;    /* encoded access mode */
         u_long  uid;     /* file's owner id */
         u_long  gid;     /* file's group id */
         u_long  size;    /* file size in bytes */
         timeval atime;   /* last access time */
         timeval mtime;   /* last data modify time */
         t_token privs;   /* privileges token */
         t_token sens;    /* sensitivity token */
         t_token info;    /* information token */
         t_token integ;   /* integrity token */
         t_token ncs;     /* national caveat set token */
         t_token acl;     /* access control list token */
     };

The sattrargs structure is used by the SETATTR procedure. It contains the extended sattr structure definition.

     struct sattrargs {
         fhandle file;
         sattr attributes;
     };

The attrstat structure defines a common procedure result containing the status of the procedure call. It is returned with the results of GETATTR, SETATTR, and WRITE procedure calls. If the call was successful, attrstat contains the results for the specific procedure called, and the complete set of file attributes for the file on which the procedure was executed.

     union attrstat switch (stat status) {
         case NFS_OK:
             fattr attributes;
         default:
             void;
     };

The diropres structure defines the results of a directory procedure call. If the call was successful, diropres contains a new file handle file and the complete set of associated file attributes.

     union diropres switch (stat status) {
         case NFS_OK:
             struct {
                 fhandle file;
                 fattr attributes;
             } diropok;
         default:
             void;
     };

The readlinkres structure defines the results of a READLINK procedure call. If the call was successful, readlinkres contains the data in the symbolic link of the file identified by the file handle argument, and
the complete set of associated file attributes. File attributes are returned with the READLINK procedure call to support the information label adjustment policy.

     union readlinkres switch (stat status) {
         case NFS_OK:
             struct {
                 path data;
                 fattr attributes;
             } readlinkok;
         default:
             void;
     };

The readdirres structure defines the results of a READDIR procedure call. If the call was successful, readdirres returns a variable number of directory entries, with a total size of up to the amount specified in the argument count of the readdirargs structure. Each entry contains a unique file identifier, and an opaque "pointer" to the next entry in the directory. The eof flag has a value of TRUE
if there are no more directory entries. File attributes are returned with the READDIR procedure call to support the information label adjustment policy.

     union readdirres switch (stat status) {
         case NFS_OK:
             struct {
                 entry *entries;
                 bool eof;
                 fattr attributes;
             } readdirok;
         default:
             void;
     };

3.5.3.2. TNFS Protocol Procedure Definitions

The TNFS Protocol Definition integrates the use of:

     o    the extended fattr and sattr structures,

     o    an AUTH_MLS authentication style RPC credential,

     o    a new TNFS protocol version number to differentiate between NFS V2 and the security extended TNFS protocol, and

     o    a new protocol procedure, ACCESS, to support the file open enhancement described earlier

Other than these changes, however, the syntax and semantics of TNFS remain the same as in the original NFS
V2 specification.

3.5.3.2.1. Access Procedure

The following descriptions are used to define the new ACCESS procedure.

Definitions used to identify the access request type:

     #define READ      0x001
     #define WRITE     0x002
     #define EXEC      0x004
     #define SEARCH    0x008
     #define APPEND    0x010

Arguments for the remote access procedure:

     accessargs

     struct accessargs {
         fhandle file;
         u_long  flag;
     };

Response from the remote access procedure:

     accessres

     union accessres switch ( stat status ) {
         case NFS_OK:
             struct {
                 bool_t status;      /* access status: TRUE or FALSE */
                 fattr  attributes;  /* standard file attributes */
             } accessok;
         default:
             void;
     };

Procedure definition for checking remote access
permission:

     accessres
     NFSPROC_ACCESS(accessargs) = 18

     Description:

     Determine if access as described by flag will be permitted on the remote served object file by the requester. Flag values are bit encoded as defined previously. READ access means that the data in file can be read, WRITE access means that the data in file can be modified (written), EXEC access means that file can be accessed and executed (local execution of a remote file), SEARCH access means that the directory file can be used as the argument to a LOOKUP operation, and APPEND means that the file size can be extended. If status is NFS_OK:

          accessok.status will be set to TRUE if the access request would be allowed, and set to FALSE otherwise, and

          attributes will contain the complete set of file attributes

     Otherwise:

          the NFSERR error number returned identifies the error condition

     Implementation:

     The ACCESS procedure provides a means for checking file access permission prior to issuing a subsequent set of file operations. For example, a TNFS client may issue an access procedure as a result of an application's file open(2) request to determine if subsequent file reads and/or writes by the application would be denied by the server as a result of the server's extended file access security policies. Note that the information returned by the server in response to an ACCESS procedure call is not static; subsequent file administrative procedures may result in the modification of the file's security attributes.

3.5.3.2.2. TNFS Service Routines

The TNFS protocol definition is defined below as a set of procedures, arguments, and results. All modified
1135(data)S 1360(structure)S 1768(de\256nitions)S 2250(are)S 2430(included)S 2833(in)S 2970(this)S 3174(speci\256cation.)S 3793(Most)S 4058(NFS)S 4301(V2)S 4482(protocol)S 4874(data)S 720 H 5076 V 720(de\256nitions)S 1180(remain)S 1494(unchanged,)S 1988(and)S 2169(are)S 2328(documented)S 2854(in)S 2970(the)S 3130(NFS)S 3352(V2)S 3512(protocol)S 3883(speci\256cation.)S 4481(The)S 4674(complete)S 720 H 5196 V 720(set)S 868(of)S 988(TNFS)S 1270(protocol)S 1640(procedures)S 2114(are)S 2272(de\256ned)S 2603(below.)S 2939(The)S 3131(ACCESS)S 3547(procedure)S 3981(is)S 4084(new,)S 4311(but)S 4475(the)S 4633(other)S 4874(pro-)S 720 H 5316 V 720(cedures)S 1082(are)S 1261(the)S 1441(same)S 1704(as)S 1845(those)S 2114(de\256ned)S 2466(in)S 2602(the)S 2782(NFS)S 3024(V2)S 3204(speci\256cation.)S 3823(The)S 4037(GETATTR,)S 4576(SETATTR,)S 720 H 5436 V 720(LOOKUP,)S 1190(READLINK,)S 1765(READ,)S 2102(WRITE,)S 2483(CREATE,)S 2937(MKDIR,)S 3335(READDIR,)S 3844(and)S 4028(ACCESS)S 4447(procedures)S 4924(for)S 720 H 5556 V 720(the)S 872(TNFS)S 1147(protocol,)S 1535(however,)S 1933(include)S 2257(the)S 2409(extended)S 2799(\256le)S 2957(attribute)S 3320(structure)S 10 I 3699(fattr)S 10 R 3902(in)S 4010(the)S 4162(response)S 4541(message.)S 720 H 5712 V 970(program)S 1338(TNFS_PROGRAM)S 2158({)S 720 H 5832 V 1090(version)S 1414(TNFS_VERSION)S 2172({)S 720 H 5952 V 1210(void)S 1628(NFSPROC_NULL)S 2420(\(void\))S 2694(=)S 2780(0;)S 720 H 6072 V 1210(attrstat)S 1602(NFSPROC_GETATTR)S 2583(\(fhandle\))S 2978(=)S 3064(1;)S 720 H 6192 V 1210(attrstat)S 1602(NFSPROC_SETATTR)S 2567(\(sattrargs\))S 3001(=)S 3087(2;)S 720 H 6312 V 1210(diropres)S 1657(NFSPROC_LOOKUP)S 2588(\(diropargs\))S 3061(=)S 3147(4;)S 720 H 6432 V 1210(readlinkres)S 1683(NFSPROC_READLINK)S 2719(\(fhandle\))S 3114(=)S 3200(5;)S 720 H 6552 V 1210(readres)S 1647(NFSPROC_READ)S 2445(\(readargs\))S 2878(=)S 2964(6;)S 720 H 6672 V 1210(attrstat)S 1602(NFSPROC_WRITE)S 2444(\(writeargs\))S 2911(=)S 2997(8;)S 720 H 6792 V 
1210(diropres)S 1657(NFSPROC_CREATE)S 2572(\(createargs\))S 3071(=)S 3157(9;)S 720 H 6912 V 1210(stat)S 1589(NFSPROC_REMOVE)S 2537(\(diropargs\))S 3010(=)S 3096(10;)S 720 H 7032 V 1210(stat)S 1589(NFSPROC_RENAME)S 2537(\(renameargs\))S 3092(=)S 3178(11;)S 720 H 7152 V 1210(stat)S 1589(NFSPROC_LINK)S 2353(\(linkargs\))S 2771(=)S 2857(12;)S 720 H 7272 V 1210(stat)S 1589(NFSPROC_SYMLINK)S 2570(\(symlinkargs\))S 3155(=)S 3241(13;)S 720 H 7680 V 720(Trusted Systems Interoperability Group)S 4700([Page 9])S 7920 V EP %%Page: 10 10 BP /slant 0 def /height 1.000000 def 10 R 10 R 0 H 40 V 0(--)S 5406(--)S 720 H 520 V 720(INTERNET-DRAFT)S 2297(TNFS Protocol Speci\256cation)S 4618(July, 1991)S 720 H 840 V 1210(diropres)S 1657(NFSPROC_MKDIR)S 2516(\(createargs\))S 3015(=)S 3101(14;)S 720 H 960 V 1210(stat)S 1589(NFSPROC_RMDIR)S 2443(\(diropargs\))S 2916(=)S 3002(15;)S 720 H 1080 V 1210(readdirres)S 1668(NFSPROC_READDIR)S 2638(\(readdirargs\))S 3182(=)S 3268(16;)S 720 H 1200 V 1210(statfsres)S 1627(NFSPROC_STATFS)S 2515(\(fhandle\))S 2910(=)S 2996(17;)S 720 H 1320 V 1210(accessres)S 1670(NFSPROC_ACCESS)S 2575(\(accessargs\))S 3091(=)S 3177(18;)S 720 H 1440 V 1090(})S 1168(=)S 1254(1;)S 1482(/*)S 1590(Trusted)S 1925(NFS)S 2139(Version)S 2485(1)S 2595(*/)S 720 H 1560 V 970(})S 1048(=)S 1134(390086;)S 1582(/*)S 1690(Trusted)S 2025(NFS)S 2239(Program)S 2613(Number)S 2970(*/)S 720 H 1800 V 10 B 720(3.5.4.)S 1005(Using)S 1280(TNFS)S 720 H 1956 V 10 R 720(With)S 963(the)S 1128(TNFS)S 1416(protocol)S 1792(procedures)S 2272(described)S 2698(above,)S 3005(listing)S 3300(and)S 3488(modifying)S 3949(remote)S 4270(extended)S 4674(\256le)S 4846(attri-)S 720 H 2076 V 720(butes)S 969(is)S 1073(now)S 1282(supported.)S 1738(The)S 1930(de\256nition)S 2351(of)S 2471(a)S 2552(new)S 2755(application)S 3236(programming)S 3817(interface)S 4202(\(API\))S 4466(to)S 4581(support)S 4918(the)S 720 H 2196 V 720(display)S 1060(of)S 1194(a)S 1289(\256le's)S 1540(security)S 1907(attributes)S 2330(will)S 
2537(permit)S 2849(either)S 3127(a)S 3222(new)S 3439(list)S 3613(command)S 4058(\(e.g.)S 4286(lsacl,)S 4545(lsmac\))S 4862(or)S 4996(a)S 720 H 2316 V 720(modi\256cation)S 1258(to)S 1368(the)S 1522(existing)S 10 I 1871(ls)S 1970(\(2\))S 10 R 2118(command)S 2544(to)S 2654(display)S 2975(the)S 3129(security)S 3477(attribute)S 3842(information)S 4346(associated)S 4787(with)S 4996(a)S 720 H 2436 V 720(remote)S 1032(\256le.)S 1251(Likewise,)S 1678(the)S 1836(de\256nition)S 2256(of)S 2375(a)S 2455(new)S 2657(API)S 2854(for)S 3006(setting)S 3309(a)S 3389(\256le's)S 3625(security)S 3977(attributes)S 4385(will)S 4577(permit)S 4874(new)S 720 H 2556 V 720(change)S 1032(security)S 1378(attribute)S 1741(commands)S 2204(to)S 2312(be)S 2436(developed)S 2876(\(e.g.)S 3083(chacl,)S 3348(chmac\).)S 720 H 2712 V 720(The)S 906(\256le)S 1065(open)S 1290(enhancement)S 1848(discussed)S 2263(previously)S 2717(may)S 2921(now)S 3125(be)S 3251(supported.)S 3732(The)S 3919(open)S 4145(API)S 4338(will)S 4526(be)S 4652(translated)S 720 H 2832 V 720(into)S 910(a)S 987(GETATTR)S 1475(operation)S 1885(for)S 2034(the)S 2189(current)S 2504(directory,)S 2922(a)S 2999(LOOKUP)S 3437(operation)S 3847(for)S 3996(the)S 4151(\256le)S 4312(to)S 4423(be)S 4550(opened,)S 4896(and)S 720 H 2952 V 720(an)S 853(ACCESS)S 1271(operation)S 1687(which)S 1970(returns)S 2286(a)S 2369(boolean)S 2724(value)S 2979(indicating)S 3418(whether)S 3778(the)S 3940(access)S 4234(requested)S 4656(would)S 4946(be)S 720 H 3072 V 720(permitted,)S 1177(along)S 1448(with)S 1675(the)S 1846(complete)S 2261(set)S 2421(of)S 2553(the)S 2724(\256le's)S 2973(attributes.)S 3449(Thus,)S 3722(the)S 3892(TNFS)S 4185(client)S 4455(can)S 4641(determine)S 720 H 3192 V 720(whether)S 1083(the)S 1247(application)S 1733(requesting)S 2192(to)S 10 I 2313(open)S 10 R 2550(the)S 2715(remote)S 3035(\256le)S 3206(will)S 3405(be)S 3542(able)S 3751(to)S 3872(access)S 4169(it)S 4268(based)S 4538(on)S 4681(the)S 4846(open)S 720 H 3312 V 720(request)S 1041(type)S 
1246(and)S 1423(the)S 1578(application's)S 2126(security)S 2474(credentials.)S 2993(As)S 3136(described)S 3550(earlier,)S 3861(a)S 3937(server)S 4212(may)S 4416(choose)S 4725(to)S 4835(asso-)S 720 H 3432 V 720(ciate)S 941(a)S 1018(set)S 1162(of)S 1278(privileges)S 1705(with)S 1916(the)S 2071(remote)S 2381(subject)S 2697(which)S 2974(are)S 3128(di)S 3206 H (f)show 10 -.5 mul h (f)show 10 R 3267(erent)S 3500(from)S 3728(the)S 3884(privilege)S 4273(set)S 4418(associated)S 4862(with)S 720 H 3552 V 720(the)S 889(subject)S 1219(on)S 1366(the)S 1535(client)S 1804(system.)S 2184(The)S 2386(ACCESS)S 2812(procedure)S 3257(call)S 3447(returns)S 3770(the)S 3938(server's)S 4299(assessment)S 4789(of)S 4918(the)S 720 H 3672 V 720(subject's)S 1105(access)S 1389(capabilities.)S 720 H 3828 V 720(The)S 910(information)S 1417(label)S 1646(adjustment)S 2120(policy)S 2405(is)S 2507(also)S 2703(supported,)S 3157(since)S 3397(the)S 3554(AUTH_MLS)S 4122(credential)S 4550(contains)S 4918(the)S 720 H 3948 V 720(subject's)S 1123(information)S 1643(label,)S 1910(and)S 2102(the)S 2272(TNFS)S 2565(reply)S 2818(message)S 3204(contains)S 3585(an)S 3727(extended)S 4135(\256le)S 4311(attribute)S 4691(structure)S 720 H 4068 V 720(which)S 1000(includes)S 1369(the)S 1527(\256le)S 1692(object's)S 2045(information)S 2554(label.)S 2840(Note)S 3071(that)S 3258(the)S 3417(subject's)S 3809(information)S 4318(label)S 4549(may)S 4758(require)S 720 H 4188 V 720(adjustment)S 1193(as)S 1310(a)S 1388(result)S 1644(of)S 1761(reading)S 2094(a)S 2172(remote)S 2483(\256le)S 2644(\(READ\),)S 3040(reading)S 3372(a)S 3449(remote)S 3759(directory)S 4152(\(READDIR\),)S 4720(or)S 4836(read-)S 720 H 4308 V 720(ing)S 882(a)S 960(remote)S 1271(symbolic)S 1672(link)S 1862(\(READLINK\).)S 2527(A)S 2633(remote)S 2944(\256le's)S 3178(\(object\))S 3522(information)S 4028(label)S 4256(may)S 4462(be)S 4590(adjusted)S 4957(as)S 720 H 4428 V 720(a)S 801(result)S 1060(of)S 1180(SETATTR,)S 1681(WRITE,)S 2059(CREATE,)S 2510(RENAME,)S 
2994(LINK,)S 3294(SYMLINK,)S 3811(and)S 3992(MKDIR)S 4361(TNFS)S 4642(procedure)S 720 H 4548 V 720(calls.)S 720 H 4788 V 10 B 720(3.5.5.)S 1005(The)S 1202(Extended)S 1638(Attribute)S 2067(Cache)S 720 H 4944 V 10 R 720(NFS)S 934(caching)S 1274(strategies)S 1681(are)S 1832(implementation)S 2490(speci\256c,)S 2850(and)S 3024(are)S 3175(not)S 3333(part)S 3518(of)S 3631(the)S 3783(NFS)S 3998(protocol.)S 4417(Caching)S 4781(is)S 4879(also)S 720 H 5064 V 720(not)S 902(required)S 1288(to)S 1420(support)S 1774(TNFS)S 2073(interoperability.)S 2797(This)S 3028(speci\256cation)S 3586(will)S 3795(therefore)S 4207(not)S 4388(include)S 4735(speci\256c)S 720 H 5184 V 720(details)S 1011(on)S 1141(the)S 1293(issue)S 1523(of)S 1636(attribute)S 1999(caching.)S 2394(However,)S 2814(since)S 3049(the)S 3201(caching)S 3542(mechanisms)S 4067(are)S 4219(included)S 4594(in)S 4703(the)S 4856(NFS)S 720 H 5304 V 720(reference)S 1138(source)S 1447(code)S 1684(releases,)S 2073(and)S 2266(since)S 2520(attribute)S 2902(caching)S 3261(is)S 3377(critical)S 3703(for)S 3868(achieving)S 4305(NFS)S 4537(performance)S 720 H 5424 V 720(goals,)S 986(several)S 1298(suggestions)S 1795(are)S 1946(included)S 2320(in)S 2428(this)S 2603(section.)S 720 H 5580 V 720(In)S 846(most)S 1084(NFS)S 1311(client)S 1576(implementations,)S 2311(remote)S 2631(\256le)S 2802(attributes)S 3217(are)S 3382(cached)S 3702(on)S 3846(the)S 4012(client,)S 4303(improving)S 4764(perfor-)S 720 H 5700 V 720(mance)S 1018(and)S 1200(reducing)S 1587(network)S 1951(tra)S 2056 H (f)show 10 -.5 mul h (\256)show 10 R 2140(c.)S 2276(The)S 2468(attribute)S 2838(cache)S 3101(is)S 3205(updated)S 3558(frequently,)S 4030(as)S 4150(most)S 4382(NFS)S 4603(procedures)S 720 H 5820 V 720(return)S 988(\256le)S 1146(attributes)S 1548(along)S 1800(with)S 2008(other)S 2243(requested)S 2655(information.)S 720 H 5976 V 720(A)S 826(client)S 1082(side)S 1277(cache)S 1537(for)S 1687(the)S 1843(extended)S 2237(security)S 2588(\256le)S 2751(attributes)S 3158(should)S 
3460(also)S 3656(be)S 3785(considered)S 4252(for)S 4403(similar)S 4716(reasons.)S 720 H 6096 V 720(Since)S 986(all)S 1130(of)S 1257(the)S 1423(\256le's)S 1667(security)S 2027(attributes)S 2443(are)S 2608(returned)S 2984(with)S 3206(each)S 3431(TNFS)S 3719(\256le)S 3890(access)S 4187(request,)S 4543(an)S 4680(extended)S 720 H 6216 V 720(security)S 1066(attribute)S 1429(cache)S 1685(can)S 1853(now)S 2055(be)S 2179(maintained)S 2653(on)S 2783(the)S 2935(client.)S 720 H 6372 V 720(Extending)S 1171(the)S 1333(attribute)S 1706(validation)S 2146(procedure)S 2584(to)S 2702(include)S 3036(validating)S 3476(the)S 3638(security)S 3995(\256le)S 4164(attributes)S 4577(permits)S 4918(the)S 720 H 6492 V 720(complete)S 1119(set)S 1263(of)S 1379(\256le)S 1540(attributes)S 1945(to)S 2056(be)S 2183(checked)S 2542(and)S 2719(refreshed)S 3122(if)S 3216(they)S 3421(are)S 3574(no)S 3706(longer)S 3993(valid.)S 4280(If)S 4378(the)S 4532(\256le's)S 4764(cached)S 720 H 6612 V 720(attributes)S 1133(are)S 1295(not)S 1464(valid,)S 1731(a)S 10 B 1817(GETATTR)S 10 R 2349(procedure)S 2789(call)S 2975(can)S 3155(be)S 3291(made.)S 3604(The)S 3801(TNFS)S 4088(reply)S 4335(to)S 4455(this)S 4642(procedure)S 720 H 6732 V 720(now)S 925(includes)S 1291(the)S 1446(complete)S 1845(set)S 1989(of)S 2105(\256le)S 2266(attribute)S 2632(information,)S 3162(permitting)S 3612(all)S 3745(of)S 3861(the)S 4016(\256le's)S 4249(cached)S 4558(attributes)S 4962(to)S 720 H 6852 V 720(be)S 844(refreshed.)S 1299(Cached)S 1628(attribute)S 1991(entries)S 2287(shall)S 2506(be)S 2630(aged)S 2848(and)S 3022(eventually)S 3468(\257ushed)S 3787(unless)S 4067(refreshed.)S 720 H 7008 V 720(Note)S 945(again)S 1192(that)S 1373(an)S 1498(attribute)S 1862(caching)S 2204(policy)S 2486(is)S 2585(not)S 2745(part)S 2932(of)S 3047(the)S 3201(protocol,)S 3591(and)S 3767(is)S 3866(an)S 3992(implementation)S 4652(technique)S 720 H 7128 V 720(used)S 937(to)S 1049(improve)S 1415(performance.)S 2006(During)S 2322(the)S 2477(window)S 2832(of)S 
2948(time)S 3159(that)S 3342(the)S 3497(cache)S 3756(entry)S 3994(is)S 4094(valid,)S 4352(the)S 4507(client)S 4762(system)S 720 H 7248 V 720(applies)S 1068(the)S 1255(MLS)S 1526(access)S 1845(control)S 2193(policies)S 2569(on)S 2734(behalf)S 3048(of)S 3196(the)S 3383(server.)S 3716(It)S 3842(is)S 3974(recommended)S 4604(that)S 4819(if)S 4946(an)S 720 H 7680 V 720(Trusted Systems Interoperability Group)S 4650([Page 10])S 7920 V EP %%Page: 11 11 BP /slant 0 def /height 1.000000 def 10 R 10 R 0 H 40 V 0(--)S 5406(--)S 720 H 520 V 720(INTERNET-DRAFT)S 2297(TNFS Protocol Speci\256cation)S 4618(July, 1991)S 720 H 840 V 720(implementation)S 1391(supports)S 1773(the)S 1938(use)S 2114(of)S 2240(client)S 2505(side)S 2709(attribute)S 3085(caching,)S 3463(it)S 3562(shall)S 3794(also)S 3998(support)S 4341(a)S 4427(mechanism)S 4924(for)S 720 H 960 V 720(disabling)S 1117(the)S 1269(attribute)S 1632(cache.)S 1943(Additional)S 2401(implementation)S 3059(details)S 3350(are)S 3501(provided)S 3886(in)S 3994([4].)S 720 H 1200 V 10 B 720(3.5.6.)S 1005(TNFS)S 1291(Access)S 1603(Control)S 1966(Policy)S 720 H 1356 V 10 R 720(The)S 905(access)S 1189(control)S 1502(policy)S 1782(recommended)S 2377(by)S 2507(this)S 2682(proposal)S 3056(may)S 3258(be)S 3382(stated)S 3645(as)S 3758(follows:)S 720 H 1512 V 970(o)S 1220(a)S 1294(client)S 1546(system)S 10 I 1854(always)S 10 R 2162(applies)S 2475(the)S 2627(access)S 2911(control)S 3224(policy)S 3504(to)S 3612(a)S 3686(local)S 3911(request)S 4230(for)S 4377(access)S 4662(to)S 4771(a)S 4846(local)S 720 H 1632 V 1220(resource,)S 720 H 1788 V 970(o)S 1220(a)S 1295(client)S 1548(system)S 10 I 1857(may)S 2054(\(temporarily\))S 10 R 2623(apply)S 2876(the)S 3029(access)S 3314(control)S 3628(policy)S 3909(to)S 4018(a)S 4093(local)S 4318(request)S 4638(for)S 4786(access)S 720 H 1908 V 1220(to)S 1328(a)S 1402(remote)S 1709(resource;)S 2104(this)S 2279(policy)S 2559(applies)S 2872(to)S 2980(the)S 3132(case)S 3333(of)S 3446(client)S 3698(side)S 3889(attribute)S 
4252(caching)S 720 H 2064 V 970(o)S 1220(a)S 1307(server)S 1593(system)S 10 I 1914(always)S 10 R 2235(applies)S 2561(the)S 2726(access)S 3023(control)S 3349(policy)S 3642(to)S 3763(a)S 3850(local)S 4087(request)S 4418(for)S 4577(access)S 4874(to)S 4996(a)S 720 H 2184 V 1220(local)S 1444(resource,)S 720 H 2340 V 970(o)S 1220(a)S 1318(server)S 1615(system)S 10 I 1947(always)S 10 R 2279(applies)S 2616(the)S 2792(access)S 3100(control)S 3437(policy)S 3741(to)S 3874(a)S 3973(remote)S 4305(access)S 4614(to)S 4747(a)S 4846(local)S 720 H 2460 V 1220(resource)S 720 H 2616 V 720(This)S 930(TNFS)S 1207(access)S 1493(control)S 1808(policy)S 2090(ensures)S 2421(that)S 2603(no)S 2735(access)S 3021(will)S 3209(be)S 3335(made)S 3583(without)S 3921(the)S 4076(application)S 4553(of)S 4669(appropri-)S 720 H 2736 V 720(ate)S 866(access)S 1150(control.)S 720 H 2976 V 10 B 720(3.5.7.)S 1005(TNFS)S 1291(Auditing)S 1700(Policy)S 720 H 3132 V 10 R 720(The)S 907(auditing)S 1267(policy)S 1549(recommended)S 2147(by)S 2280(this)S 2458(proposal)S 2835(may)S 3040(be)S 3167(stated)S 3433(as)S 3549(follows.)S 3937(When)S 4208(the)S 4363(security)S 4712(auditing)S 720 H 3252 V 720(function)S 1083(is)S 1180(enabled:)S 720 H 3408 V 970(o)S 1220(a)S 1294(client)S 1546(system)S 10 I 1854(always)S 10 R 2162(audits)S 2431(a)S 2505(local)S 2729(request)S 3047(for)S 3193(access)S 3477(to)S 3585(a)S 3659(local)S 3883(resource,)S 720 H 3564 V 970(o)S 1220(a)S 1294(client)S 1546(system)S 10 I 1854(may)S 10 R 2050(audit)S 2280(a)S 2354(local)S 2578(request)S 2896(for)S 3042(access)S 3326(to)S 3434(a)S 3508(remote)S 3815(resource,)S 720 H 3720 V 970(o)S 1220(a)S 1294(server)S 1567(system)S 10 I 1875(always)S 10 R 2183(audits)S 2452(a)S 2526(local)S 2750(request)S 3068(for)S 3214(access)S 3498(to)S 3606(a)S 3680(local)S 3904(resource,)S 720 H 3876 V 970(o)S 1220(a)S 1294(server)S 1567(system)S 10 I 1875(may)S 10 R 2071(audit)S 2301(a)S 2375(remote)S 2682(request)S 3000(for)S 3146(access)S 3430(to)S 3538(a)S 
3612(local)S 3836(resource)S 720 H 4032 V 970(o)S 10 B 1220(an)S 1356(implementation)S 2058(shall)S 2289(support:)S 720 H 4188 V 10 R 1220(*)S 1470(the)S 1622(option)S 1908(for)S 2054(auditing)S 2412(requests)S 2769(for)S 2915(local)S 3139(access)S 3423(to)S 3531(remote)S 3838(resources)S 4244(on)S 4374(the)S 4526(client,)S 4803(and)S 720 H 4344 V 1220(*)S 1470(the)S 1622(option)S 1908(for)S 2054(auditing)S 2412(remote)S 2719(requests)S 3076(for)S 3222(access)S 3506(to)S 3614(local)S 3838(resources)S 4244(on)S 4374(the)S 4526(server)S 720 H 4500 V 1470(Note:)S 1735(This)S 1956(option)S 2255(may)S 2470(require)S 2796(the)S 2962(auditing)S 3334(of)S 3461(the)S 3627(speci\256c)S 3976(TNFS)S 4265(protocol)S 4642(procedure)S 720 H 4620 V 1470(calls,)S 1709(since)S 1944(the)S 2096(protocol)S 2459(procedures)S 2926(are)S 3077(not)S 3235(translated)S 3653(into)S 3839(actual)S 4107("system)S 4456(calls")S 4710(in)S 4818(many)S 720 H 4740 V 1470(server)S 1743(implementations.)S 720 H 4896 V 720(This)S 948(TNFS)S 1243(auditing)S 1621(policy)S 1921(ensures)S 2270(that)S 2470(both)S 2698(clients)S 3009(and)S 3203(servers)S 3536(have)S 3775(the)S 3948(ability)S 4255(to)S 4384(audit)S 4635(all)S 4786(access)S 720 H 5016 V 720(activity)S 1059(within)S 1353(their)S 1574(domain.)S 1967(In)S 2088(a)S 2170(given)S 2430(network)S 2795(environment,)S 3363(it)S 3457(may)S 3667(be)S 3799(desirable)S 4197(to)S 4313(optionally)S 4757(disable)S 720 H 5136 V 720(auditing)S 1078(of)S 1191(remote)S 1498(access)S 1782(on)S 1912(either)S 2169(the)S 2321(client)S 2573(or)S 2686(server)S 2959(to)S 3067(avoid)S 3319(duplication.)S 720 H 5376 V 10 B 720(3.5.8.)S 1005(Support)S 1386(for)S 1543(NFS)S 1762(V2)S 1914(Clients)S 2244(and)S 2436(Servers)S 720 H 5532 V 10 R 720(The)S 910(MLS)S 1151(environment)S 1691(described)S 2108(in)S 2221(this)S 2401(document)S 2830(assumes)S 3198(that)S 3383(most)S 3614(\256le)S 3778(access)S 4068(will)S 4260(take)S 4462(place)S 4708(between)S 720 H 5652 V 720(MLS)S 
965(modi\256ed)S 1360(clients)S 1660(and)S 1843(servers.)S 2218(It)S 2317(is)S 2422(still)S 2611(useful,)S 2918(however,)S 3324(to)S 3440(de\256ne)S 3722(the)S 3882(mechanism)S 4375(by)S 4513(which)S 4795(TNFS)S 720 H 5772 V 720(systems)S 1067(can)S 1235(continue)S 1609(to)S 1717(interoperate)S 2223(with)S 2431(NFS)S 2645(V2)S 2797(systems)S 3144(through)S 3485(the)S 3637(use)S 3800(of)S 3913(an)S 4037(appropriate)S 4521(policy.)S 720 H 5928 V 720(One)S 919(such)S 1135(policy)S 1418(involves)S 1790(the)S 1945(use)S 2111(of)S 2227(a)S 2304(\256lter)S 2526(or)S 2642(gateway)S 3007(placed)S 3300(between)S 3665(the)S 3821(modi\256ed)S 4211(and)S 4389(unmodi\256ed)S 4879(sys-)S 720 H 6048 V 720(tems.)S 999(This)S 1212(gateway)S 1579(would)S 1864(insert)S 2121(or)S 2239(delete)S 2512(the)S 2669(appropriate)S 3158(security)S 3509(attribute)S 3877(information)S 4384(on)S 4518(behalf)S 4801(of)S 4918(the)S 720 H 6168 V 720(unmodi\256ed)S 1206(systems.)S 720 H 6324 V 720(This)S 928(speci\256cation)S 1463(assumes)S 1826(the)S 1978(existence)S 2379(of)S 2492(a)S 2566(local)S 2790(database)S 3163(on)S 3293(each)S 3505(MLS)S 3741(system)S 4049(which)S 4323(identi\256es:)S 720 H 6480 V 970(o)S 1220(the)S 1372(hosts)S 1608(which)S 1882(that)S 2062(system)S 2370(will)S 2556(communicate)S 3124(with,)S 720 H 6636 V 970(o)S 1220(the)S 1377(security)S 1728(attributes)S 2135(which)S 2414(it)S 2505(expects)S 2839(to)S 2952(use)S 3120(in)S 3233(the)S 3390(exchange)S 3801(of)S 3919(any)S 4098(data)S 4299(with)S 4512(a)S 4591(given)S 4848(host,)S 720 H 6756 V 1220(and)S 720 H 6912 V 970(o)S 1220(the)S 1389(translation)S 1858(scheme)S 2204(which)S 2495(will)S 2698(be)S 2839(used)S 3069(in)S 3195(translating)S 3665(tokens)S 3974(between)S 4354(this)S 4547(client/server)S 720 H 7032 V 1220(pair.)S 720 H 7188 V 720(This)S 930(information)S 1435(is)S 1535(needed)S 1850(by)S 1983(all)S 2116(network)S 2476(applications,)S 3017(and)S 3194(is)S 3294(not)S 3455(limited)S 3772(to)S 3883(NFS)S 
4100(\256le)S 4261(access.)S 4603(The)S 4791(use)S 4957(of)S 720 H 7308 V 720(such)S 936(a)S 1013(database)S 1389(permits)S 1722(a)S 1799(given)S 2054(system)S 2364(to)S 2474(apply)S 2728(some)S 2971(intelligence)S 3469(in)S 3579(dealing)S 3905(with)S 4115(unmodi\256ed)S 4603(clients)S 4896(and)S 720 H 7680 V 720(Trusted Systems Interoperability Group)S 4650([Page 11])S 7920 V EP %%Page: 12 12 BP /slant 0 def /height 1.000000 def 10 R 10 R 0 H 40 V 0(--)S 5406(--)S 720 H 520 V 720(INTERNET-DRAFT)S 2297(TNFS Protocol Speci\256cation)S 4618(July, 1991)S 720 H 840 V 720(servers,)S 1075(and)S 1268(permits)S 1617(an)S 1760(additional)S 2209(veri\256cation)S 2713(\(in)S 2873(terms)S 3144(of)S 3276(the)S 3447(expected)S 3850(security)S 4215(attributes\))S 4669(for)S 4834(MLS)S 720 H 960 V 720(modi\256ed)S 1111(clients)S 1407(and)S 1586(servers.)S 1957(Since)S 2213(TNFS)S 2492(is)S 2593(registered)S 3020(as)S 3137(a)S 3215(di)S 3293 H (f)show 10 -.5 mul h (f)show 10 R 3354(erent)S 3587(service)S 3903(with)S 4115(the)S 4271(RPC)S 4495(port)S 4690(mapping)S 720 H 1080 V 720(service,)S 1067(the)S 1229(mapping)S 1619(service)S 1941(may)S 2153(be)S 2287(queried)S 2626(to)S 2744(determine)S 3183(if)S 3284(the)S 3446(TNFS)S 3731(service)S 4053(is)S 4160(supported)S 4594(by)S 4734(a)S 4818(given)S 720 H 1200 V 720(server.)S 720 H 1356 V 720(Based)S 1009(on)S 1154(the)S 1321(information)S 1838(obtained)S 2227(from)S 2466(this)S 2656(database)S 3044(and/or)S 3345(the)S 3513(RPC)S 3749(port)S 3956(mapping)S 4352(service,)S 4705(a)S 4795(TNFS)S 720 H 1476 V 720(client)S 982(would)S 1272(not)S 1439(send)S 1661(any)S 1844(security)S 2199(extended)S 2598(NFS)S 2821(procedure)S 3258(calls)S 3480(to)S 3597(a)S 3680(server)S 3962(which)S 4245(did)S 4412(not)S 4579(support)S 4918(the)S 720 H 1596 V 720(service.)S 1097(A)S 1209(TNFS)S 1494(client)S 1757(should)S 2065(also)S 2267(refrain)S 2573(from)S 2808(sending)S 3160(extraneous)S 3633(security)S 3990(attribute)S 4364(information)S 
4877(to)S 4996(a)S 720 H 1716 V 720(TNFS)S 995(server)S 1268(that)S 1448(does)S 1661(not)S 1819(support)S 2149(an)S 2273(equivalent)S 2719(set)S 2860(of)S 2973(security)S 3319(attributes.)S 720 H 1956 V 10 B 720(4.)S 855(Conclusion)S 720 H 2112 V 10 R 720(This)S 937(document)S 1371(describes)S 1782(the)S 1944(set)S 2095(of)S 2218(extensions)S 2680(which)S 2964(support)S 3304(network)S 3671(\256le)S 3839(access)S 4133(in)S 4251(a)S 4335(network)S 4702(environ-)S 720 H 2232 V 720(ment)S 955(consisting)S 1396(of)S 1514(MLS)S 1755(systems)S 2107(using)S 2359(the)S 2516(proposed)S 2917(TNFS)S 3197(protocol)S 3565(extensions.)S 4047(Unmodi\256ed)S 4560(NFS)S 4779(clients)S 720 H 2352 V 720(and)S 894(servers)S 1206(are)S 1357(supported)S 1781(using)S 2028(the)S 2180(de)S 2304(facto)S 2533(NFS)S 2747(V2)S 2899(protocol.)S 720 H 2508 V 720(With)S 951(the)S 1104(previously)S 1557(de\256ned)S 1882(extensions,)S 2360(the)S 2513(MLS)S 2750(network)S 3108(\256le)S 3267(access)S 3552(requirements)S 4104(are)S 4256(met.)S 4493(The)S 4680(extended)S 720 H 2628 V 720(structure)S 1103(de\256nitions)S 1560(support)S 1894(the)S 2050(DAC)S 2295(and)S 2473(MAC)S 2735(attributes)S 3141(required)S 3507(for)S 3657(modifying)S 4108(or)S 4225(displaying)S 4675(the)S 4830(secu-)S 720 H 2748 V 720(rity)S 892(attribute)S 1258(information.)S 1788(The)S 1977(enhanced)S 2387(\256le)S 2549(open)S 2777(operation)S 3188(and)S 3366(the)S 3522(information)S 4028(label)S 4256(adjustment)S 4729(policies)S 720 H 2868 V 720(are)S 871(also)S 1062(supported.)S 720 H 3024 V 720(Thus,)S 985(a)S 1069(small)S 1326(set)S 1477(of)S 1600(extensions)S 2062(to)S 2180(the)S 2342(NFS)S 2566(V2)S 2728(environment)S 3273(permits)S 3613(MLS)S 3859(access)S 4153(control)S 4476(policies)S 4827(to)S 4946(be)S 720 H 3144 V 720(supported.)S 1212(Agreement)S 1698(on)S 1841(these)S 2089(changes)S 2453(will)S 2652(permit)S 2955(the)S 3119(current)S 3443(base)S 3662(of)S 3787(NFS)S 4013(clients)S 4316(and)S 4502(servers)S 4826(to)S 
4946(be)S 720 H 3264 V 720(accommodated)S 1367(in)S 1488(the)S 1653(secure)S 1950(environment)S 2498(with)S 2720(no)S 2864(changes,)S 3254(and)S 3442(for)S 3602(TNFS)S 3891(modi\256ed)S 4291(systems)S 4652(to)S 4774(intero-)S 720 H 3384 V 720(perate)S 993(using)S 1240(MLS)S 1476(policies.)S 720 H 3540 V 720(This)S 940(speci\256cation)S 1488(places)S 1780(no)S 1923(dependencies)S 2503(on)S 2646(the)S 2811(underlying)S 3287(network)S 3657(layer,)S 3924(but)S 4095(does)S 4321(acknowledge)S 4890(that)S 720 H 3660 V 720(security)S 1066(labeling)S 1418(information)S 1920(is)S 2017(provided)S 2402(by)S 2532(at)S 2634(least)S 2847(some)S 3088(network)S 3445(implementations.)S 720 H 3900 V 10 B 720(5.)S 855(Acknowledgements)S 720 H 4056 V 10 R 720(I)S 795(would)S 1087(like)S 1279(to)S 1399(acknowledge)S 1967(the)S 2131(members)S 2539(of)S 2665(the)S 2830(TSIG)S 3095(NFS)S 3322(Subcommittee,)S 3968(who)S 4183(were)S 4419(instrumental)S 4962(in)S 720 H 4176 V 720(evolving)S 1102(the)S 1255(MLS)S 1492(extended)S 1883(NFS)S 2098(Protocol)S 2468(Speci\256cation)S 3021(from)S 3246(the)S 3399(original)S 3741(proposal.)S 4141(Many)S 4405(comments)S 4847(were)S 720 H 4296 V 720(also)S 925(made)S 1185(during)S 1490(the)S 1656(review)S 1971(of)S 2099(the)S 2266(later)S 2488(drafts)S 2760(which)S 3049(greatly)S 3371(improved)S 3799(the)S 3966(speci\256cation's)S 4588(readability.)S 720 H 4416 V 720(Contributing)S 1264(members)S 1662(included)S 2037(Morgan)S 2384(Clark,)S 2662(Je)S 2745 H (f)show 10 -.5 mul h (f)show 10 R 2837(Edelheit,)S 3226(Fran)S 3440(Fadden,)S 3790(Tricia)S 4059(Jordan,)S 4381(Will)S 4590(Lees,)S 4834(Scott)S 720 H 4536 V 720(Norton,)S 1058(Mike)S 1299(Shipley,)S 1660(Carl)S 1862(Smith,)S 2157(Dave)S 2397(Summers,)S 2830(and)S 3004(Charlie)S 3328(Watt.)S 720 H 4692 V 720(The)S 914(speci\256cation)S 1458(was)S 1652(also)S 1852(reviewed)S 2256(by)S 2395(numerous)S 2828(persons)S 3172(outside)S 3500(of)S 3622(the)S 3783(subcommittee.)S 4409(I)S 4482(would)S 
4772(like)S 4962(to)S 720 H 4812 V 720(acknowledge)S 1279(many)S 1534(of)S 1650(these)S 1888(persons)S 2226(as)S 2342(well,)S 2572(as)S 2688(a)S 2765(number)S 3103(of)S 3219(their)S 3434(comments)S 3877(are)S 4030(also)S 4223(re\257ected)S 4598(in)S 4708(the)S 4862(\256nal)S 720 H 4932 V 720(version.)S 720 H 5172 V 10 B 720(6.)S 855(Author's)S 1268(Address)S 720 H 5328 V 10 R 720(Fred)S 933(Glover)S 720 H 5448 V 720(Digital)S 1028(Equipment)S 1497(Corporation)S 720 H 5568 V 720(110)S 900(Spit)S 1092(Brook)S 1372(Road)S 1613(ZK03-3/U14)S 720 H 5688 V 720(Nashua,)S 1074(New)S 1292(Hampshire)S 1760(03062-2698)S 720 H 5928 V 720(Phone:)S 1028(603-881-0388)S 720 H 6168 V 720(EMail:)S 1028(fglover@decvax.dec.com)S 720 H 6408 V 10 B 720(7.)S 855(References)S 720 H 6564 V 10 R 720([1])S 866(Sun)S 1052(Microsystems,)S 1668(Inc.,)S 1875("Sun)S 2102(Network)S 2481(Filesystem)S 2945(Protocol)S 3314(Speci\256cation",)S 3932(Internet)S 4272(RFC)S 4492(1094)S 720 H 6720 V 720([2])S 880(United)S 1197(States)S 1481(Department)S 1997(of)S 2125(Defense)S 2496(Intelligence)S 3012(Agency,)S 3392("Trusted)S 3783(Computer)S 4228(Systems)S 4607(Evaluation)S 720 H 6840 V 970(Criteria")S 720 H 6996 V 720([3])S 895(United)S 1226(States)S 1524(Department)S 2054(of)S 2196(Defense)S 2582(Intelligence)S 3113(Agency,)S 3508("Compartmented)S 4253(Mode)S 4546(Workstation)S 720 H 7116 V 970(Requirements")S 720 H 7680 V 720(Trusted Systems Interoperability Group)S 4650([Page 12])S 7920 V EP %%Page: 13 13 BP /slant 0 def /height 1.000000 def 10 R 10 R 0 H 40 V 0(--)S 5406(--)S 720 H 520 V 720(INTERNET-DRAFT)S 2297(TNFS Protocol Speci\256cation)S 4618(July, 1991)S 720 H 840 V 720([4])S 866(Trusted)S 1201(Systems)S 1565(Interoperability)S 2216(Group,)S 2526("The)S 2752(MLS)S 2988(NFS)S 3202(Implementor's)S 3820(Guide",)S 4160(TSIG)S 4412(Document)S 720 H 996 V 720([5])S 880(Trusted)S 1229(Systems)S 1608(Interoperability)S 2274(Group,)S 2599("The)S 2840(MLS)S 3091(Token)S 3391(Translation)S 
3891(Speci\256cation",)S 4524(TSIG)S 4791(Docu-)S 720 H 1116 V 970(ment)S 720 H 1272 V 720([6])S 866(Sun)S 1052(Microsystems,)S 1668(Inc.,)S 1875("Sun)S 2102(Remote)S 2443(Procedure)S 2877(Call)S 3074(Speci\256cation",)S 3692(Internet)S 4032(RFC)S 4252(1057)S 720 H 1428 V 720([7])S 866(Sun)S 1052(Microsystems,)S 1668(Inc.,)S 1875("Sun)S 2102(External)S 2470(Data)S 2688(Representation)S 3317(Speci\256cation",)S 3935(Internet)S 4275(RFC)S 4495(1014)S 720 H 1584 V 720([8])S 875(Clark,)S 1161(D.)S 1297(D.)S 1433(and)S 1616(David)S 1899(R.)S 2030(Wilson,)S 2383("A)S 2535(Comparison)S 3063(of)S 3185(Commercial)S 3718(and)S 3901(Military)S 4268(Computer)S 4707(Security)S 720 H 1704 V 970(Policies",)S 1394(Proceedings)S 1923(of)S 2047(the)S 2210(1987)S 2451(IEEE)S 2708(Symposium)S 3228(on)S 3369(Security)S 3743(and)S 3928(Privacy,)S 4299(Computer)S 4740(Society)S 720 H 1824 V 970(Press)S 1211(of)S 1324(the)S 1476(IEEE,)S 1747(Washington,)S 2285(DC.)S 720 H 1980 V 720([9])S 869(Biba,)S 1116(K.)S 1246(J.,)S 1368("Integrity)S 1786(Considerations)S 2419(for)S 2568(Secure)S 2872(Computer)S 3305(Systems",)S 3738(TR-76-372,)S 4240(HQ)S 4418(Electronic)S 4862(Sys-)S 720 H 2100 V 970(tems)S 1189(Division,)S 1589(Hanscomb)S 2046(AFB,)S 2296(MA,)S 2512(April)S 2753(1977)S 720 H 2256 V 720([10])S 946(UK)S 1120(Ministry)S 1495(of)S 1608(Defense,)S 1989(CHOTS)S 2347(contract)S 720 H 2412 V 720([11])S 916(Trusted)S 1251(Systems)S 1615(Interoperability)S 2266(Group,)S 2576("Commerical)S 3141(IP)S 3260(Security)S 3623(Option",)S 3997(TSIG)S 4249(Document)S 720 H 2568 V 720([12])S 916("The)S 1142(Revised)S 1494(IP)S 1613(Security)S 1976(Option",)S 2350(Internet)S 2690(RFCs)S 2949(1038,)S 3204(1108)S 720 H 2724 V 720([13])S 916(Postel,)S 1216(J.,)S 1365("User)S 1624(Datagram)S 2047(Protocol",)S 2482(Internet)S 2822(RFC)S 3042(768)S 720 H 7680 V 720(Trusted Systems Interoperability Group)S 4650([Page 13])S 0 H 7950 V 0(--)S 5406(--)S 7950 V EP %%Trailer %%DocumentFonts: Times-Roman Times-Bold 
Times-Italic Troff %%Pages: 13
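The ACCESS call of section 3.5.3.2.1 and the open translation of section 3.5.4, as an added example that is not part of the draft or of any TNFS implementation: it XDR-encodes accessargs, decodes the accessres union, and treats every malformed or error reply as a denial. Assumptions: fhandle is the 32-byte opaque handle of NFS V2 (RFC 1094), the extended fattr is left undecoded because its layout is not given in this section, the ACC_ prefix on the draft's flag names and the open(2) flag mapping are this example's own, and the reply bytes are constructed.

```c
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Access request bits: the draft's READ..APPEND values, prefix added here. */
#define ACC_READ    0x001u
#define ACC_WRITE   0x002u
#define ACC_EXEC    0x004u
#define ACC_SEARCH  0x008u
#define ACC_APPEND  0x010u
#define ACC_ALL     (ACC_READ | ACC_WRITE | ACC_EXEC | ACC_SEARCH | ACC_APPEND)

#define NFS_OK      0u
#define FHSIZE      32              /* assumption: NFS V2 fhandle size (RFC 1094) */
#define ARGS_LEN    (FHSIZE + 4)    /* fhandle followed by one XDR u_long */

enum { DEC_OK = 0, ERR_SHORT = -1, ERR_BADBOOL = -2, ERR_NFS = -3, ERR_BADFLAG = -4 };

struct access_reply {
    uint32_t nfs_status;    /* stat discriminant of the accessres union */
    int allowed;            /* accessok.status */
    const uint8_t *attrs;   /* undecoded fattr bytes that follow the boolean */
    size_t attrs_len;
};

static void put_u32(uint8_t *p, uint32_t v)     /* XDR integers are big-endian */
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

static uint32_t get_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Assumed mapping of the open request type to ACCESS bits (not from the draft). */
uint32_t open_flags_to_access(int oflags)
{
    uint32_t want = 0;
    int mode = oflags & O_ACCMODE;
    if (mode == O_RDONLY || mode == O_RDWR)
        want |= ACC_READ;
    if (mode == O_WRONLY || mode == O_RDWR)
        want |= (oflags & O_APPEND) ? ACC_APPEND : ACC_WRITE;
    return want;
}

/* Encode accessargs; returns the number of bytes written or a negative error. */
int encode_accessargs(uint8_t *out, size_t outlen, const uint8_t *fh, uint32_t flag)
{
    if (flag == 0 || (flag & ~ACC_ALL))
        return ERR_BADFLAG;             /* never send undefined request bits */
    if (outlen < ARGS_LEN)
        return ERR_SHORT;
    memcpy(out, fh, FHSIZE);
    put_u32(out + FHSIZE, flag);
    return ARGS_LEN;
}

/* Decode accessres: status, then (only for NFS_OK) the boolean and the attributes. */
int decode_accessres(const uint8_t *in, size_t len, struct access_reply *r)
{
    uint32_t b;
    memset(r, 0, sizeof *r);
    if (len < 4)
        return ERR_SHORT;
    r->nfs_status = get_u32(in);
    if (r->nfs_status != NFS_OK)
        return ERR_NFS;                 /* default arm of the union is void */
    if (len < 8)
        return ERR_SHORT;
    b = get_u32(in + 4);
    if (b > 1)
        return ERR_BADBOOL;             /* an XDR bool is exactly 0 or 1 */
    r->allowed = (int)b;
    r->attrs = in + 8;
    r->attrs_len = len - 8;
    return DEC_OK;
}

/* Fail closed: only a well-formed NFS_OK reply carrying TRUE permits the open. */
int access_permitted(const uint8_t *in, size_t len)
{
    struct access_reply r;
    return decode_accessres(in, len, &r) == DEC_OK && r.allowed;
}

int main(void)
{
    uint8_t fh[FHSIZE], args[ARGS_LEN];
    const uint8_t reply[] = { 0, 0, 0, 0,  0, 0, 0, 0 };  /* constructed: NFS_OK, FALSE */
    int n;
    memset(fh, 0x11, sizeof fh);                          /* constructed handle */
    n = encode_accessargs(args, sizeof args, fh, open_flags_to_access(O_RDWR));
    printf("args=%d bytes, permitted=%d\n", n, access_permitted(reply, sizeof reply));
    return 0;
}
```

Because the draft states that an ACCESS result is not static, a TRUE from access_permitted() is advisory for the client only; the server still decides on each later READ or WRITE.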
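Section 3.5.5 requires that cached attribute entries be aged and flushed and that the cache can be disabled, because the client enforces MLS policy on the server's behalf while an entry is valid. The following added example (not from the draft or from the NFS reference sources) sketches such a cache; the slot count, the caller-supplied clock, the 32-byte handle size and the single `sec_attrs` word standing in for the extended fattr are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FHSIZE 32   /* assumption: NFS V2 fhandle size (RFC 1094) */
#define SLOTS  4    /* small fixed table, chosen for the example */

/* Any result other than HIT means the caller must ask the server (GETATTR). */
enum lookup { HIT, MISS, STALE, DISABLED };

struct entry {
    int      used;
    uint8_t  fh[FHSIZE];
    uint32_t sec_attrs;     /* constructed stand-in for the extended fattr */
    long     fetched_at;    /* seconds on the caller-supplied clock */
};

struct attr_cache {
    int  enabled;
    long max_age;           /* validity window in seconds */
    struct entry slot[SLOTS];
};

void cache_init(struct attr_cache *c, int enabled, long max_age)
{
    memset(c, 0, sizeof *c);
    c->enabled = enabled;
    c->max_age = max_age;
}

/* The disable mechanism: switch off and drop everything already cached. */
void cache_disable(struct attr_cache *c)
{
    c->enabled = 0;
    memset(c->slot, 0, sizeof c->slot);
}

static struct entry *find(struct attr_cache *c, const uint8_t *fh)
{
    int i;
    for (i = 0; i < SLOTS; i++)
        if (c->slot[i].used && memcmp(c->slot[i].fh, fh, FHSIZE) == 0)
            return &c->slot[i];
    return NULL;
}

/* Refresh from a TNFS reply: reuse the entry, a free slot, or the oldest slot. */
void cache_store(struct attr_cache *c, const uint8_t *fh, uint32_t sec_attrs, long now)
{
    struct entry *e;
    int i;
    if (!c->enabled)
        return;
    e = find(c, fh);
    if (!e) {
        e = &c->slot[0];
        for (i = 0; i < SLOTS; i++) {
            if (!c->slot[i].used) { e = &c->slot[i]; break; }
            if (c->slot[i].fetched_at < e->fetched_at)
                e = &c->slot[i];
        }
    }
    e->used = 1;
    memcpy(e->fh, fh, FHSIZE);
    e->sec_attrs = sec_attrs;
    e->fetched_at = now;
}

enum lookup cache_lookup(struct attr_cache *c, const uint8_t *fh, long now, uint32_t *out)
{
    struct entry *e;
    long age;
    if (!c->enabled)
        return DISABLED;
    e = find(c, fh);
    if (!e)
        return MISS;
    age = now - e->fetched_at;
    if (age < 0 || age >= c->max_age) {     /* expired, or the clock stepped back */
        memset(e, 0, sizeof *e);            /* flush so it cannot be used again */
        return STALE;
    }
    *out = e->sec_attrs;
    return HIT;
}

int main(void)
{
    struct attr_cache c;
    uint8_t fh[FHSIZE];
    uint32_t v = 0;
    memset(fh, 0x11, sizeof fh);            /* constructed handle */
    cache_init(&c, 1, 30);
    cache_store(&c, fh, 0x5, 100);
    printf("t=110: %d, t=130: %d\n",
           cache_lookup(&c, fh, 110, &v), cache_lookup(&c, fh, 130, &v));
    return 0;
}
```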