FW: [cloudauthz] a definitino of 'Entitlement'

From: Smith, Thomas C. [mailto:Tom.Smith@jhuapl.edu]
Sent: Tuesday, January 22, 2013 9:07 AM
To: Barbir, Abbie
Subject: RE: [cloudauthz] a definitino of 'Entitlement' - proposal

Abbie,

I tried to post this but it bounced. Can you post it for me? Thanks, -tom

All,

So here’s my two cents…

An entitlement is what you get by virtue of membership regardless of how it’s obtained (birth, grant, activity, etc.). It implies, but does not guarantee or even specify privilege (where privilege is allowing a subject’s requested resource action in a given context). To say it another way, privilege is the consequence of applying policy to entitlement(s). This separation of concerns is very important because the resource owner controls the policy, not the entitlement manager. So if you bind them in the design then it will not scale across resource owners that don’t have the same policy set.

-tom

From: cloudauthz@lists.oasis-open.org [mailto:cloudauthz@lists.oasis-open.org] On Behalf Of Mike Poulin
Sent: Tuesday, January 22, 2013 8:12 AM
To: cloudauthz@lists.oasis-open.org
Subject: [cloudauthz] a definitino of 'Entitlement' - proposal

Hello All,
here is a proposal for a definitino of Entitlement:

An Entitlement is

· A concept of having a right to something or a guarantee of access to something or based on established rights or by legislation. A "right" is itself an entitlement associated with a moral or social principle, such that an "entitlement" is a provision made in accordance with the legal framework of a society.
· A process of on- and off-boarding an entitlement system, claiming and assigning access rights, and administering the entitlement system
· A system (manual or automated) that physically realises the entitlement process, keeps entitlement entries, maintains permissions and access rights for as well as information about the actors and resources covered by the entitlement

Cheers,
- Michael Poulin

cloudauthz message