[OpenIndiana-discuss] Anybody using Trusted JDS/Gnome?

Jim Klimov jimklimov at cos.ru
Sat Jan 5 13:48:21 UTC 2013 

On 2013-01-05 12:29, lucadepandis at gmail.com wrote:
> I never used Trusted Extensions in all my desktop OI installations.
>
> I think the lack of consumers reflects how much their are low important in a
> desktop environment.
>
> IMHO they could be useful in a server environment, but in a desktop context i
> think they are very useless and an additional work that could be deleted.


I believe the TX may be needed to weigh in on an enterprise market
for those possible customers who are required to comply to legal
acts and/or who themselves wish to seperate access to different
resources and networks while providing a single desktop without
means to copy-paste data from windows belonging to different
security labels. This is likely more relevant to terminal server
environments (SunRays, XDMCP) than to single desktops, although
in a corporate setting with centrally-controlled desktops this
mileage may vary.

That said, I think that the equivalent solution can be more simply
be made today with VDI farms dedicated to each ex-label (subnet,
etc.) and without allowing copy-paste and/or screenshots within
the desktop environment.

However, the TX do have a certain marketing baggage as a "proven"
solution that might have once been certified to do the job and
provide the "paper-protection" against audits for act-compliance.
For certain customers the paper compliance does matter and cost
more than actual (and perhaps better) protection which is not yet
certified, and among similar solutions the certified and/or proven
ones have a few bonus points.

All that said, I don't really know anyone that uses TX today or
in the past; I know of similar solutions made with SunRays by a
company that ours is friends with. If the support is too hard to
bear into the future (and lack of lab and real-life testing does
make it harder), I think the code can be either left to wither
until someone comes to bring it up to date, or carved out with
some documented way to carve it back in should someone desire.

My 2c,
//Jim Klimov

More information about the OpenIndiana-discuss mailing list