Policy Enforcement (2)

• Each daemon checks actions that it’s clients attempt.

  • If Allowed -- continue action.
  • If Denied -- deliver reject message to client, drop action.

• Decision function is given authenticated name of user and action attempted.

• Actions that can be restricted:

  • Connect, join, leave, multicast, unicast.

• Supports all State Independent decisions.

• Supports some State Dependent decisions.

• Supports different policies at different sites !

Once we know who you are we can enforce a given policy!

Previous slide

Next slide

Back to first slide

View graphic version