David,

2.  Apart from Kohei-san and Stephen Frost, is anybody actually
interested in having this feature at all?

I'm interested in a version of the feature. That is, I'm specifically interested in an SEPostgres which delivers:

a) SELinux-label control (pluggable with TrustedSolaris and other frameworks) of the existing PostgreSQL privileges.

b) Efficient constraint-based row-level security (as opposed to individual row labelling)[1]

I also believe that an SEPostgres which delivered row masking and data substitution would be of interest to a significant number of new users, but that these features are complex and unintuitive enough that they should always be an optional module.

Secondarily, I believe that having integrated SEPostgres support would bring us new users from the government security sector and the health care sector who do not currently use PostgreSQL. Whether any of these users would contribute substantially to maintaining it is an open question; they certainly have funding, though, and the NSA has contributed a substantial amount of resources to Linux, and the Japanese Security Agency has contributed to PostgreSQL before.

[1] For an explanation of the two ways to do row-level security, see here:
http://it.toolbox.com/blogs/database-soup/thinking-about-row-level-security-part-1-30732
http://it.toolbox.com/blogs/database-soup/thinking-about-row-level-security-part-2-30757

--
Josh Berkus
PostgreSQL Experts Inc.
www.pgexperts.com
