Cerberus is the security manager for Poseidon. Security inside brainwave is based on capabilities and policies.
Capabilities
A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a capability-based system must use a capability to access an object. Capability-based security refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and the system infrastructure necessary to make such transactions efficient and secure.
(Source: http://en.wikipedia.org/wiki/Capability-based_security)
The following diagram shows a capability-based architecture:
Policies
Policies are used when we want to give an access permission to every user in the system. The names of the policies are the same as the names of the capabilities.
The following diagram shows a capability-based architecture:
Permissions
There are three kinds of permissions available in the system:
read
write
link
read : The read permission controls whether or not you can read/access that meme.
write : The write permission controls whether you can rename the meme, add/remove aliases, or add/remove binary or metadata on the meme itself.
link : The 'link' permission controls whether or not you can create links based on that meme.
The Cerberus function calls are part of Poseidon. They are:
addCapability(self, s, v, o, save=True)
revokeCapability(self, s, v, o, save=True)
checkCapability(self, v, o)
getCapability(self, s)
checkPolicy(self, v, o)
getPolicies(self, o)
setPolicy(self, o, v, policyString, save=False)
checkSecurity(self, v, o)
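The following added example is not Cerberus or Poseidon code; it is an in-memory sketch of how per-user capabilities and system-wide policies can combine over the read, write and link permissions. The class and method names, the (subject, permission, object) triple, and the rule that access is allowed when either a policy or a capability grants it are assumptions made for illustration.

```python
# Added illustration: a minimal in-memory model, not Cerberus/Poseidon code.
# Assumed semantics: a capability is a (subject, permission, object) grant,
# a policy grants a permission on an object to every user, and access is
# denied unless a policy or a capability allows it.

PERMISSIONS = frozenset({"read", "write", "link"})


class AccessModel:
    def __init__(self):
        self._capabilities = set()  # {(subject, permission, object)}
        self._policies = set()      # {(permission, object)}, valid for all users

    @staticmethod
    def _validate(permission):
        # Reject anything outside the three permissions the page defines.
        if permission not in PERMISSIONS:
            raise ValueError(f"unknown permission: {permission!r}")

    def grant(self, subject, permission, obj):
        self._validate(permission)
        self._capabilities.add((subject, permission, obj))

    def revoke(self, subject, permission, obj):
        self._validate(permission)
        self._capabilities.discard((subject, permission, obj))

    def set_policy(self, permission, obj, allowed=True):
        self._validate(permission)
        if allowed:
            self._policies.add((permission, obj))
        else:
            self._policies.discard((permission, obj))

    def check(self, subject, permission, obj):
        # Default deny: only an explicit policy or capability allows access.
        self._validate(permission)
        if (permission, obj) in self._policies:
            return True
        return (subject, permission, obj) in self._capabilities


def demo():
    # Constructed sample data: one meme, two users.
    model = AccessModel()
    model.set_policy("read", "meme:42")         # everyone may read
    model.grant("alice", "write", "meme:42")    # only alice may write
    users, meme = ("alice", "bob"), "meme:42"
    before = {(u, p): model.check(u, p, meme) for u in users for p in sorted(PERMISSIONS)}
    model.revoke("alice", "write", meme)        # least privilege: withdraw when done
    return before, model.check("alice", "write", meme)
```

Revoking a capability leaves the policy-granted read permission in place, because the two grants are stored and checked independently.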