PROTECTION/SIDS -- Subject Identifier Syntax and Usage 83/08/05
Precisely, a "subject" is an entity that accesses objects. Loosely, a
subject is usually a human user who has been given an account to log
in to the system; but a subject can also be a server program which may
not correspond to any human user at all.
A subject is identified by an SID (subject identifier), which is the
formal name for the 'log in names' that are used to identify people to
the system when they log in. Basically, an SID has three parts: a person
name (P), project name (P), and organization name (O); the combination is
often abbreviated to 'PPO'. In some cases, the node on which the subject
is running is of importance as well. Thus, a full SID also contains this
item of information, in which case it is a 'PPON'; but most of the time
PPO is all that is of concern.
SIDs consist of the P, P, and O separated by periods. Thus
joe.sftwr.r_d
might be the name of a software programmer in the R & D organization.
His person name is 'joe'; his project name is 'sftwr'; his organization
name is 'r_d'.
If the node ID is required then a PPON for the above example might look
like:
joe.sftwr.r_d.14C
where '14C' is the node ID of the node where 'joe' is logged in.
In Access Control Lists (ACLs), SIDs can contain a wildcard, similar in
concept to wildcards used with pathnames. A '%' in the person, project,
organization, or node id part of a SID will match any person, project,
organization, or node (respectively). Thus
joe.%.%.%
would match user 'joe' regardless of his project or organization names,
and regardless of which node he happened to be using.
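The wildcard rule above, worked through as an added example (this code is not part of the original help text or of the system it documents). It assumes that '%' is only meaningful as a whole field, that a three-part entry in an ACL matches any node, that a subject given without a node cannot satisfy a literal node ID, and that comparison is exact; the function names and the sample ACL are constructed for illustration.

```python
# Added illustration of PPO/PPON wildcard matching; names here are hypothetical.
WILDCARD = "%"
FIELDS = ("person", "project", "organization", "node")

def parse_sid(text, allow_wildcard=False):
    """Split a PPO or PPON string into a 4-tuple; node is None for a PPO."""
    parts = text.strip().split(".")
    if len(parts) not in (3, 4):
        raise ValueError(f"expected PPO or PPON, got {text!r}")
    for name, part in zip(FIELDS, parts):
        if not part:
            raise ValueError(f"empty {name} field in {text!r}")
        if WILDCARD in part and not (allow_wildcard and part == WILDCARD):
            # Assumption: '%' stands for a whole field and appears only in ACL entries.
            raise ValueError(f"unexpected '%' in {name} field of {text!r}")
    if len(parts) == 3:
        parts.append(None)
    return tuple(parts)

def sid_matches(pattern, subject):
    """True if the ACL entry `pattern` matches the concrete SID `subject`."""
    pat = parse_sid(pattern, allow_wildcard=True)
    sub = parse_sid(subject)
    for p, s in zip(pat, sub):
        # Assumption: an entry with no node part behaves like '%' for the node.
        if p is None or p == WILDCARD:
            continue
        # Exact comparison (assumption). A subject with no node (s is None)
        # never equals a literal node ID, so the entry does not match.
        if p != s:
            return False
    return True

def matching_entries(acl_patterns, subject):
    """Return every ACL entry that matches `subject`, in list order."""
    return [p for p in acl_patterns if sid_matches(p, subject)]

# Constructed sample ACL entries, built from the names used in the text above.
ACL = ["joe.%.%.%", "%.sftwr.r_d", "%.%.r_d.14C", "ann.sftwr.r_d.%"]

if __name__ == "__main__":
    for sid in ("joe.sftwr.r_d.14C", "joe.sftwr.r_d", "ann.hw.r_d.2B"):
        print(sid, "->", matching_entries(ACL, sid))
```

Listing every matching entry, rather than stopping at the first, makes it easy to see when a broad entry such as 'joe.%.%.%' grants more than a narrower entry beside it was meant to.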
RELATED TOPICS
More information is available. Type:
- HELP ACLS
for more information on commands which manipulate access control lists
(ACLs).
- HELP PROTECTION
for more information on protection in general.
- HELP PROTECTION ACLS
for detailed information on ACLs.