[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Addition to interim requirements
Another set of 'requirements' to add are the ability to withdraw credentials (time out / revocation) [R-Limitation] Ability to limit the scope of a credential. [R-Revoke] Ability to revoke a credential after issue. Now I don't think we necessarily want to provide the architecture to support them BUT they are potential requirements and we should probably say we don't support if we don't support... I will issue an updated doc sometime this week based on all submissions to the list. I think we are making progress here, the real tricky part will be normalizing the nomenclature and terms which we will have to come round to soon. We will end up with several pieces of data that can be sent / recieved and have to give them names (credential/entitlement/ whatever). Problem being that all the best terms tend to be 'loaded' - capabilities, rights, permissions for example. Phill > -----Original Message----- > From: Edwards, Nigel [mailto:Nigel_Edwards@hp.com] > Sent: Monday, January 29, 2001 9:29 AM > To: 'security-core@lists.oasis-open.org' > Subject: Addition to interim requirements > > > I'd like to propose another "interim requirement" for the assertion > group. > > [R-AuthorityScoping] Support for scoping for what assertions an > authority is trusted > > For example, I might want to allow a third party to issue assertions > granting POST access to part of my web server (but not the whole web > server). Another example would be to allow a third party to issue > assertions granting access to a subset of the operations available in > a particular (CORBA) interface. > > Nigel. >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC