Hello, 

I have a very basic question regarding mandatory access controls(MACs).  

Using the following diagram: 

---------------------         ---------------------
|    Subject         |        |     Object         |
---------------------         ---------------------
|    Clearance       |        |    Classification  |
|  Ex - Top Secret   |        |  Ex - Top Secret   |
|                    |        |                    |
---------------------         ---------------------


In the MAC model the "need-to-know" flag, restricts the subject to access the
object.  Is this flag, part of the subject's attributes or the object's
attributes?  OR is "need-to-know" a seperate element, like subject and object,
in the MAC model?

Thank you in advance. 

-- 
Subba Rao

------------------------------------------------------------------------------
Old American Wild West saying:       God created men but Colt made them equal.
Today:                  Linus created Linux and Linux made IT companies equal.