[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [regrep] [Proposed Change] Replace Association confirmation withreference access control
I think we are saying the same thing.___________________________
+1
D
Farrukh Najmi wrote:
Duane Nickull wrote:
In the YDS implementation, we used a unix like model for hierarchical classification schemes. If I own node "A", then only I can bestow permissions to other users to RWD nodes with "A" as a parent, directly or indirectly.
I can also lock my node from others making reference to it or even seeing it without my permission.
I assume that above would be moving to XACML since that is the normative required way to handle access control?
What I was getting at is that maybe requiring a blessing is not needed. We simply allow unilateral assertions that "PartyA" says that their object "foo" is associated to "PartyB"'s object "bar" and make it visible whether B has responded or not. That way, If B disagrees, he simply does nothing.
That is exactly what the current specs do. You should really read the 1 page or so that I sent refernces to in original email.
Unilateral associations are important to acknowledge as something that will happen. It is unlikely that all users of a registry ecosystem will ever arrive at complete consensus.
The crux of the debate is:
a) whether we treat associations special and different from other types of references
b) whether extramural associations should be managed via existing access control mechanisms (to prevent unauthorised access)
or whether it should be unrestricted (unilateral assertion) and then confirm (or not) and show confirmation state.
My premise is that we shoudl treat extramural associations the same as any other type of refrence and use XACML refrerence Access Control to decided who can or cannot create references.
I am curious if YDS ever implemented association confirmation. Anyone who has would know the current spec behavior better and would be very empathetic to the difficulties in implementation and use of current behavior ;-)
--
Senior Standards Strategist
Adobe Systems, Inc.
http://www.adobe.com
To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/regrep/members/leave_workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]