Contents
--------

- User ID's
- Users
- Groups
- Expressions
- Sharing Resources
  - Dedicated resources ("takable")
  - Shared resources ("sharable")
  - Lockable resources ("takable" or "sharable")

Notes

- everybody = true
- special groups (first 32 reserved: root, wheel, true, false)
- no cycles (check for match first)
- users have list of groups
- groups have list of users
- users/groups have list of siblings?
- define format
- rights list
  - for groups/expressions, order determines priority
  - first match is used for effective rights

User ID's
=========

All users are stored in a database. Each user has an associated 32-bit number that is its ID. The database is indexed by these ID's and is used to check whether two given user ID's match.

There are three types of users: individuals, groups, and boolean expressions. A user ID matches an individual if and only if it matches the individual's ID. A user ID matches a group if and only if it matches the ID of a member of that group. Note that this allows chaining of group memberships via recursion. Finally, a user ID matches a boolean expression provided that it matches enough ID's to make the expression true.

For example, if user A is a member of group B, but is not a member of group C, then user A matches the expression "C or A" as well as the expression "B or C". However, A does not match the expression "B and (not A) or not A".

Format of the user ID
---------------------

The user ID consists of two bit fields. Bits 30-31 indicate the type of the user ID. Bits 0-29 number the specific user ID. Thus a user ID of 00000000h corresponds to individual 0, and a user ID of 40000000h corresponds to group 0.

Table 1 - User ID Types

 Type | Description
------+-------------------
  00  | Individual
  01  | Group
  10  | Boolean expression
  11  | Reserved

Reserved User ID's
------------------

The first 32 user ID's in each category are reserved for use by the operating system. Some of these reserved user ID's are given special values and/or names.
Individual 0 corresponds to the root user (aka administrator or supervisor), who has unlimited access to the system. Expression 0 corresponds to True; everybody except for root matches True. Expression 1 corresponds to False; at the moment False doesn't match anyone and has no purpose. Individual 1 corresponds to the nobody user, who never has rights. He only matches the True expression (he doesn't match himself).

Validating Group Membership
---------------------------

The recursive matching algorithm fails if there is a cycle in the group hierarchy. For example, if group A is a member of group B and group B is a member of group A, then the function would never exit. Thus, no cycles are allowed in the group hierarchy. This can easily be prevented by performing a simple check before allowing a user to become a member of a group: if user A wishes to become a member of group B, then the operation can only be allowed if B does not match A.

Contents of Records
-------------------

Individuals: Individual users have a name, a list of groups of which they are members, and a set of extended attributes. These extended attributes can hold addresses, phone numbers, etc. The list of groups is a simple array of group user ID's.

Groups: Group users have all of the properties of individual users. However, groups also have a list of members. This list of members is a simple array of individual and group user ID's.

Boolean Expressions: Boolean expression ID's contain a boolean expression. The expression is made up of operators and user ID's. There are three types of operators: binary operators, unary operators, and grouping operators. The binary operators are AND, OR, and XOR. The only unary operator is NOT. Parentheses are used as the grouping operators. A user ID in an expression returns true if the user ID in question matches it.
Thus, the user A would match the expression "(B and C) or (not D)" if either A matched B _and_ A matched C, or A did _not_ match D.

Sharing Resources
=================

All resources in a computer are controlled by a user. However, the way in which control is given to a user depends on the type of resource.

A dedicated resource can only be controlled by one user. Thus, a user must take complete and exclusive control of the device. For example, a COM port on a computer can only be used by one process.

A shared resource, on the other hand, can be used by several users. For instance, a network connection can be used by several users.

A lockable resource is a shared resource that can be locked and taken as a dedicated resource by a user. A file is an example of a lockable resource.

Initially, all resources are dedicated resources. Drivers then take ownership of these resources, and at their prerogative can create dedicated and/or shared resources of their own, but they don't have to. They can be selfish little drivers that don't know how to share and wish to hog a piece of the computer to themselves. Then the operating system will take them out back and paddle them until they share. ( ;) You see, OS programmers do have a sense of humor.)

These shared resources can have rights lists which determine which users can access or take control of them. We strongly (did we say strongly?), in fact we _very strongly_ encourage that all resources (or at least most) implement security as to which users can access their resource. Thus, a dedicated resource, such as a modem, could only be taken by users who have permission to do so, and a shared resource, such as a PPP connection, could only be used by users with permission. This could be used, for example, to let all workers in an office access the Internet via a PPP connection except for the part-time help.
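As an added example (not code from the original document), here is a small C model of the user ID bit layout, the reserved root/nobody/True/False ID's, the recursive matching rules for individuals, groups and boolean expressions, and the membership check from the "Validating Group Membership" section above, which is the matching machinery a resource's rights list would be evaluated against. It assumes a constructed in-memory group table and, beyond the page's wording, that any ID matches itself (the page states this only for individuals; extending it to groups is what lets the check refuse a group joining one of its own sub-groups).

```c
#include <stdbool.h>
#include <stdint.h>
/* User ID layout from the page: bits 30-31 = type, bits 0-29 = number. */
#define MKUID(type, num) (((uint32_t)(type) << 30) | ((num) & 0x3FFFFFFFu))
#define UID_TYPE(id) ((id) >> 30)
#define UID_NUM(id)  ((id) & 0x3FFFFFFFu)
enum { T_INDIVIDUAL, T_GROUP, T_EXPR };      /* type 3 is reserved */
#define UID_ROOT   MKUID(T_INDIVIDUAL, 0)    /* reserved IDs named on the page */
#define UID_NOBODY MKUID(T_INDIVIDUAL, 1)
#define UID_TRUE   MKUID(T_EXPR, 0)
#define UID_FALSE  MKUID(T_EXPR, 1)

/* Constructed toy group table (assumption): each member list ends with END, a type-3 reserved value. */
#define END 0xFFFFFFFFu
#define MAX_MEMBERS 8
static uint32_t groups[4][MAX_MEMBERS] = { {END}, {END}, {END}, {END} };
/* Does `subject` match `target`? Reserved IDs, identity, then the page's recursive group rule
   (a cycle in `groups` would make this recurse forever, hence the check in group_add_member). */
bool uid_matches(uint32_t subject, uint32_t target) {
  if (target == UID_TRUE) return subject != UID_ROOT;     /* everybody but root */
  if (target == UID_FALSE || target == UID_NOBODY) return false;
  if (subject == target) return true;        /* assumption: every ID matches itself */
  if (UID_TYPE(target) == T_GROUP)           /* any member matches, recursively */
    for (const uint32_t *m = groups[UID_NUM(target)]; *m != END; m++)
      if (uid_matches(subject, *m)) return true;
  return false;                              /* other individual, or reserved type */
}

/* Boolean-expression users as trees: leaves are user IDs; operators AND, OR, XOR, NOT. */
enum { OP_ID, OP_AND, OP_OR, OP_XOR, OP_NOT };
typedef struct Expr { int op; uint32_t id; const struct Expr *l, *r; } Expr;
bool expr_matches(uint32_t subject, const Expr *e) {
  switch (e->op) {
  case OP_ID:  return uid_matches(subject, e->id);
  case OP_NOT: return !expr_matches(subject, e->l);
  case OP_AND: return expr_matches(subject, e->l) && expr_matches(subject, e->r);
  case OP_OR:  return expr_matches(subject, e->l) || expr_matches(subject, e->r);
  default:     return expr_matches(subject, e->l) != expr_matches(subject, e->r);
  }
}
/* `subject` joins group `g` only if g does not already match subject (the page's cycle check). */
bool group_add_member(uint32_t g, uint32_t subject) {
  if (UID_TYPE(g) != T_GROUP || g == subject || uid_matches(g, subject)) return false;
  if (uid_matches(subject, g)) return false; /* already a member (added here) */
  uint32_t *m = groups[UID_NUM(g)];
  int n = 0; while (m[n] != END) n++;
  if (n + 1 >= MAX_MEMBERS) return false;    /* keep room for the END marker */
  m[n] = subject; m[n + 1] = END;
  return true;
}
```

The page's own example (A in B, A not in C) is reproduced in the test: A matches "C or A" and "B or C" but not "B and (not A) or not A", and once B is a member of C, C is refused membership in B.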