RE: New FW architecture? (was RE: Time for a new FWTK?)

["Safier, Adam (GEIS)" <Adam.Safier () geis ge com>]

I like your role/definition concept. I've also been thinking in terms of
sets. Calling the management architecture Hierarchical is jumping the
gun.  We need to define the roles different sets have, and their
relationship to each other. Set theory seems well suited to the task.
However, representing complex relationships in a manageable, clear and
human friendly manner seems to elude most of us.

Adam

> -----Original Message-----
> From: Stout, William [SMTP:StoutW () pios com]
> Sent: Tuesday, December 09, 1997 2:07 PM
> To:   'Firewall-wizards'
> Subject:      RE: New FW architecture? (was RE: Time for a new FWTK?)
>
> > ----- Original Message -----
> > From:       Safier, Adam (GEIS) [SMTP:Adam.Safier () geis ge com]
> > Reply To:   Safier, Adam (GEIS) [SMTP:Adam.Safier () geis ge com]
> > Sent:       Monday, December 08, 1997, 11:16:34
> > To: Stout, William
> > Subject:    RE: New FW architecture? (was RE: Time for a new FWTK?)
> >
> > The distributed control concepts need to be expanded further to
> include
> > hierarchical levels of control.  A central IC might set the high
> level
>
> You're right.  
>
> I've seen e-commerce systems designed for two levels of access, then
> patched for additional levels of access.  It would've been better if
> they used a multi-level security system from the start, and initially
> used two levels of that.  I haven't yet dwelled on 'role'/'function'
> security (set-set-set-superset) vs. the hierarchical model
> (set-subset-superset) security issue either.
>
> Bill Stout
> ______________________________________________________________________
> __
> ________
> 1998 will be the year of 'E-commerce' - Self