

Subject: Re: [xacml] Modeling Delegation of Rights in a simplified XACML with Haskell


On Wed, 3 Dec 2003, Frank Siebenlist wrote:

> Use case 1:
>
> A user has a job running on his behalf on a server, and that job has to start a
> separate ftp service that needs access to the user's files. The user has to give
> the administrative rights to his job that will allow that job to assign the
> access rights to the ftp service to access the file on the user's behalf.
> Currently, we implement this with our proxy-certs in what essentially
> constitutes to pure impersonation.

User has a local FTP SERVICE to house his files. Access to his files is
controlled by access policy. According to that policy, the request

User says "Access:File"

         will be granted as the user has access to his files.

No, according to your use case, we have Job and FTPClient. So, we have
two other desirable requests:

Job says "Access:File"

and

FTPClient says "Access:File"

These requests would normally not be granted by the current access policy
on the FTP SERVER.  However, due to the user's "job" setup, both these
requests should be granted.

Is that a correct interpretation of your use case 1?

Cheers,
-Polar



