[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FW: [cloudauthz] a definitino of 'Entitlement' - proposal
From: Smith, Thomas C. [mailto:Tom.Smith@jhuapl.edu]
Abbie, I tried to post this but it bounced. Can you post it for me? Thanks, -tom All, So here’s my two cents… An entitlement is what you get by virtue of membership regardless of how it’s obtained (birth, grant, activity, etc.). It implies, but does not guarantee or even specify privilege (where privilege is allowing
a subject’s requested resource action in a given context). To say it another way, privilege is the consequence of applying policy to entitlement(s). This separation of concerns is very important because the resource owner controls the policy, not the entitlement
manager. So if you bind them in the design then it will not scale across resource owners that don’t have the same policy set. -tom From:
cloudauthz@lists.oasis-open.org [mailto:cloudauthz@lists.oasis-open.org]
On Behalf Of Mike Poulin Hello All, An Entitlement is
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]