
security-services message



Subject: RE: The Hal/David model


I have another comment on this glossary.  I don't think Authorization
Assertions are a statement of policy, but rather a statement of the result
of a particular evaluation of policy.

Darren



> -----Original Message-----
> From: Orchard, David [mailto:dorchard@jamcracker.com]
> Sent: Monday, March 12, 2001 8:32 PM
> To: security-services@lists.oasis-open.org
> Subject: RE: The Hal/David model
>
>
> I have updated the domain model as best I can with the various emails,
> glossary, pdfs, etc. that are available.  I don't yet have a usable copy of
> Visio, so the diagram will come from togetherJ for the near future.
>
> This is an imperfect job as I was a bit overwhelmed by the glossary and all
> the discussions on terminology differences.  I started bottom-up (what
> glossary terms are required) rather than try to fit all the glossary terms
> in the diagram.
>
> I have liberally and flagrantly infringed copyrights by copying some
> material from the mailing list(s) and the glossary.  I also copied from the
> glossary rather than referring to it, so that reviewers could combine all
> their comments together.   I also added issues where definitions seemed
> vague/confusing/etc.
>
> This is complete in that every item and major relationship listed in the
> class diagram has a glossary entry.
>
> Process going forward: I expect that once we come to agreement on what we
> mean by terms, we can then push them back to the glossary.  Please provide
> plenty of feedback to the group on this.
>
> Suggestion for the use case chair and subcommittee: Very soon we start only
> allowing conversations about terms that are in the glossary/domain model.  I
> have been scanning various e-mails and notice many different synonyms, which
> I (and I'm sure other readers) would find confusing.  I suggest that the set
> of requirements we are now balloting is a candidate for this.  Terms like
> subject, policy-based disclosure, subject security attributes, parties,
> disclosure, run-time, sharing, etc. are not currently in the domain model,
> nor in the glossary.  One person's run-time is another person's compile-time,
> etc.  Let's define these terms or not use them at all.
>
> Dave Orchard
> XML Architect
> Jamcracker Inc.,    19000 Homestead Dr., Cupertino, CA 95014
> p: 408.864.5118     m: 604.908.8425    f: 408.725.4310
>
> www.jamcracker.com - Sounds like a job for Jamcracker.
>
> > -----Original Message-----
> > From: Eve L. Maler [mailto:eve.maler@east.sun.com]
> > Sent: Friday, March 09, 2001 9:04 AM
> > To: security-services@lists.oasis-open.org
> > Subject: The Hal/David model
> >
> >
> > People who attended F2F #1 will recall the diagram that Hal Lockhart drew
> > up on the whiteboard.  It was something he and David Orchard came up with
> > to help the use-case group settle on terminology and a rough model of the
> > "things" we're discussing.  Fred Moses worked from his notes to create the
> > following electronic version, which reflects a bit more of the discussion
> > we had that day:
> >
> >    http://oasis-open.org/committees/security/docs/sstcach1.gif
> >
> > I'm sure we need more revisions to this diagram, but I would like to work
> > towards consensus on the names for things and the relationships between
> > them.  Please use this thread to discuss it, and we will take it up as a
> > topic at the 20 March telecon.
> >
> > For starters:
> >
> > - On Tuesday, we discussed separating each box so that there's no hint of
> > chronology.  This could mean, e.g., duplicating the "1" callout so that
> > it's shown separately as the output of a credential collector and the input
> > to an authentication authority.
> >
> > - I think the policy balloons should largely be in the "Not SAML" layer
> > above.  Or is the XACML discussion precisely about whether some of these
> > balloons should be in scope?  Can we give distinct names to the different
> > types of policies?
> >
> > - What exactly do the input/output letters above refer to?
> >
> > - I think we *may* have consensus that the "SAML" box should cover more
> > stuff to the left, e.g., it should cover the authentication
> > authority.  Comments?
> >
> > - Do we have consensus that SAML should cover the PEP box?
> >
> > Thanks to Fred for making this version; I think Hal and David should now
> > take up any revisions we ask for.
> >
> > 	Eve
> > --
> > Eve Maler                                             +1 781 442 3190
> > Sun Microsystems XML Technology Development  eve.maler @ east.sun.com
> >
> >
> > ------------------------------------------------------------------
> > To unsubscribe from this elist send a message with the single word
> > "unsubscribe" in the body to:
> > security-services-request@lists.oasis-open.org
> >
>
>


