[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Fine-grained authorization
Section 7.3 of the spec describes the 'authorization' intent. This qualifiable intent has but a single qualifier: fineGrain and this qualifier is the default. What this means is that if an implementer specifies the 'authorization' intent he will get 'authorization.fineGrain'. This does not seem right as 'fineGrain' describes a specific type of authorization and one that some feel is overly complex. In light of this, we have two recommendations. 1. Remove the 'fineGrain' qualifier described in the final paragraph of section 7.3 and 7.3.1. 2. Do some more thinking about the various styles of qualifier we may want to support for 'authorization' and introduce these in a subsequent version of the spec. If we leave the 'authorization' intent unqualified the deployer is free to use any style of authorization he wants including fineGrain. -- All the best, Ashok
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]