Subject: RE: [regrep-security] Updated ebRS section 9.7 Access Control
Suresh,

Is this intended for v2.1 or v3? Some of my comments may be more appropriate as V3. You make the call.

The following:

"Any Registry Client can access the content without requiring authentication. However, unauthenticated clients can only access some read-only (getXXX) methods permitted for GuestReader role. The Registry must assign the default GuestReader role to such Registry Clients."

Has contradictory first and second sentences. Please consider deleting the first sentence.

The following:

"Anyone can publish content, but MUST be a Registered User"

May be better said by the following:

"To publish content, you MUST be a Registered User"

I am a little confused by the following:

"The Submitting Organization has access to all methods for Registry Objects created by it."

Who is "it" at the end of this sentence? Unless I am wrong, the SO cannot create methods. Nor can it "create" Registry Objects. Isn't the SO limited to "registering" stuff?

This bullet implies that all submitters must obtain a "certificate."

"At the time of content submission, the Registry must assign the default ContentOwner role to the Submitting Organization (SO) as authenticated by the credentials in the submission message. In the current version of this specification, the Submitting Organization will be the DN (Distinguished Name) as identified by the certificate."

But this section says nothing about where to obtain certificates. Also where do the credentials go in the "submission message?" Should we be more explicit here? Who are valid Certificate Authorities? What else constitutes a valid certificate? What else needs to be there? Should we be more specific here?

Joel

-----Original Message-----
From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com]
Sent: Friday, May 24, 2002 1:59 PM
To: 'regrep-security@lists.oasis-open.org'
Subject: [regrep-security] Updated ebRS section 9.7 Access Control

Team,

Here is the new section 9.7 with some scrubbing done. There is the actor to role mapping, and default policies. When custom policies will be used is also mentioned. Please let me know what you think.

-----------------

Thanks,
-Suresh
Sterling Commerce, Inc.