Andres Freund wrote:
> Hi,
>
> It might be relevant for the whole discussion about inclusion of some form of
> row level permissions, whatever it is based on, that there exist heaps of (in my
> eyes conflicting) patents about row level permissions for relational
> databases. I don't have any real clue about patent issues, but I fear that
> makes inclusion into an open source product rather hard...
I'm not a lawyer, so we cannot decide whether it has a patent issue or not
until we actually get an adjudication. However, I don't think these are
conflicting with the existing patent from the viewpoint of engineering.
> Data security system and method - 5751949 - MCI Corp. - 1998
It said the row-level access controls are applied to force users to access
tables via views. It does not conflict with our design.
> Rule based database security system and method - 6820082 - Allegis Corporation - 2004
It said the row-level access controls are applied based on query modifying.
The legacy implementation of SE-PostgreSQL indeed modified the WHERE clause of
given queries to apply row-level access controls, but the current one does not.
> Row-level security in a relational database management system - 7240046 - IBM - 2007
It said the row-level access controls are applied based on a hierarchical relationship
between subject and object, which is well known as the Bell-LaPadula security model.
SE-PostgreSQL does not have any rules by itself, because it depends on an external
security feature (SELinux). Database ACL is obviously not a hierarchical security model.
> Database fine-grained access control - 7281003 - Oracle - 2007
It said the row-level access controls are applied based on query modifying,
like the patent 6820082 does. It does not conflict with SE-PostgreSQL.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>