[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [regrep] [Proposed Change] Replace Association confirmation withreference access control
Duane Nickull wrote: > I think we are saying the same thing. > +1 Cool! So it sounds like we have Nikola, Carl and Duane supportive of the proposed simplification if I am not mistaken. Any other thoughts? > > D > > Farrukh Najmi wrote: > >> Duane Nickull wrote: >> >>> In the YDS implementation, we used a unix like model for >>> hierarchical classification schemes. If I own node "A", then only I >>> can bestow permissions to other users to RWD nodes with "A" as a >>> parent, directly or indirectly. >>> >>> I can also lock my node from others making reference to it or even >>> seeing it without my permission. >> >> >> >> I assume that above would be moving to XACML since that is the >> normative required way to handle access control? >> >>> >>> What I was getting at is that maybe requiring a blessing is not >>> needed. We simply allow unilateral assertions that "PartyA" says >>> that their object "foo" is associated to "PartyB"'s object "bar" and >>> make it visible whether B has responded or not. That way, If B >>> disagrees, he simply does nothing. >> >> >> >> That is exactly what the current specs do. You should really read the >> 1 page or so that I sent refernces to in original email. >> >>> >>> Unilateral associations are important to acknowledge as something >>> that will happen. It is unlikely that all users of a registry >>> ecosystem will ever arrive at complete consensus. >> >> >> >> The crux of the debate is: >> >> a) whether we treat associations special and different from other >> types of references >> >> b) whether extramural associations should be managed via existing >> access control mechanisms (to prevent unauthorised access) >> or whether it should be unrestricted (unilateral assertion) and then >> confirm (or not) and show confirmation state. >> >> My premise is that we shoudl treat extramural associations the same >> as any other type of refrence and use XACML refrerence Access Control >> to decided who can or cannot create references. >> >> I am curious if YDS ever implemented association confirmation. Anyone >> who has would know the current spec behavior better and would be very >> empathetic to the difficulties in implementation and use of current >> behavior ;-) >> > -- Regards, Farrukh
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]