
soa-rm-ra message



Subject: Re: [soa-rm-ra] Security and Joint Action


So continuing the train of thought from my last response, the  
verification depends on whether what is built (either software or  
process) can ideally satisfy specified needs and once built, can it be  
used as intended.  In the absurd case, I build a security mechanism  
that would work fine but no one is authorized to use it.

The validation side is where Dave likes to point out that a single
isolated use does exactly what it is supposed to do but the
mechanisms/processes will not scale to address the full problem.

Ken

On Aug 12, 2009, at 2:12 PM, David E. Ellis wrote:

> Frank and List
>
> I also think it is important to discuss the limits of individual action as
> controlled by the empowerment (authority) of their respective social
> structure for participating in either individual action(s) or in joint
> action(s) and the stakeholder which has empowerment (authority) over
> Action(s)/Joint Action(s) for both Social Structures.  This would be the
> Judge in your marriage example.  This is critical for the application of
> "Policy Vectors" (Empowerment to proceed with Joint or Individual action(s))
> within the context of Secure Policy-Oriented Object Routers (SPORs) used in
> the Emergency Management TC discussions.
>
> Dave
>
> -----Original Message-----
> From: Francis McCabe [mailto:fmccabe@gmail.com]
> Sent: Wednesday, August 12, 2009 10:44 AM
> To: soa-rm-ra@lists.oasis-open.org RA
> Subject: [soa-rm-ra] Security and Joint Action
>
> When considering the security of interaction two thoughts seem to be
> important.
>
> Issue number one is: "is what is going on what everyone expects is going
> on?"
> Issue number two is: "is what is going on what is supposed to be going
> on?"
>
> Both of these questions go well beyond security. However, in the
> domain of secure interaction, the first is addressed in terms of
> integrity, confidentiality and authentication: i.e., are the players
> who we think they are and do we have the perimeter secured?
>
> The second speaks to authorization: do the players have the
> appropriate authority to be doing what they are doing.
>
> As a matter of interest, the first is sometimes captured in terms of
> the *validity* of an action or actions (including joint actions) and
> the second is captured in terms of the *empowerment* of the actors. We
> may not need to bring the concepts of validity and empowerment into
> the secure interactions diagram; but they should inform us in our
> design of the diagram.
>
> Note: joint actions show up in multiple levels in a given interaction.
> Security also shows up in multiple levels. The concept of message does
> not appear in all those levels -- only some.
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

-----------------------------------------------------------------------------
Ken Laskey
MITRE Corporation, M/S H305      phone: 703-983-7934
7515 Colshire Drive                         fax:       703-983-1379
McLean VA 22102-7508






