Subject: RE: [regrep] Security proposal pointer
Comments on the Security Proposal:

I think there is still some overlap and possible confusion between the actors and their roles. For example, Registry Operator and Registry Administrator. The comments column states that these may be the same person. The function for Registry Operator says that they host the registry objects, which sounds like this is the person who is responsible for the registry/repository. The registry administrator has the administrative functions for security, but a registered user is authenticated by a Registry Operator. I would think the Registry Administrator would be the one who authenticates a user. Is it really necessary to have two separate actors - Operator and Administrator? How will you clearly define the difference in the roles and functions? I would recommend making this one actor and combining the functions. Then the authentication of the registered user makes more sense.

What is the difference between the Registry Guest and the Registry Reader? It looks like they both have read access only. Neither of them has contracts, and neither of them can change the contents of the registry. The way the functions are presented, they appear to have the same roles. You need to either more clearly define what the differences are between these two, or make them one actor.

Registry Publisher may be a bit confusing - the terms sound like this is someone who publishes the registry. I know this is not what you mean here! What about Registry Submitter (also closer to the terms ISO 11179 uses)? Sounds more like the function - submits stuff to the registry. Also, is this actor meant to be an organization, as opposed to an individual person? A Submitting Organization (ISO 11179) is the organization that submits the object, and an individual, who may be a registered user or registry content owner, is the actor who is an individual from that organization and physically performs the function.

Look a little closer at Registry Client - the two functions listed are registered user or registered guest, but under registry guest the function says there is no contract, so I assume a registry guest is not registered, which conflicts with what it says under registry client. And does Registry Client include Registry Reader, who is also a registered user?

It seems that if the actors and functions in this proposal are for V2, then that is what should be presented in the table (looking at notes). If some of the actors are for V3, bring them up at that time.

Line 229, section 7 issues, number 4: In the registry we have implemented at Boeing, each submission to the registry is considered a different version. For example, version 1 of a DTD was submitted in January 2001. In May 2001, the content owner updated the DTD and submitted the updated version to the registry. This must go into the registry with a new version number, and as a separate registry record. Then we have two separate registry records, one for each of the versions. Users using version 1 can continue to do so, and be assured that it has not been changed.

-----Original Message-----
From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com]
Sent: Thursday, October 18, 2001 2:03 PM
To: 'regrep@lists.oasis-open.org'
Subject: [regrep] Security proposal pointer

Per today's request, here is the pointer to the proposal.

http://lists.oasis-open.org/archives/regrep/200110/msg00005.html

Thanks,
-Suresh