[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] Risk adaptive vs BTG
I think John was attempting to classify BTG as a special case of something more generic. I agree with this line of investigation (though not necessarily with his suggestion that it is an instance of RAAC). David's proposal looks like a very particular solution to what might be a more general problem, and if that is true we would arrive at a better standard by analyzing a range of related use cases to abstract the essential elements into a general case. Regards, --Paul > -----Original Message----- > From: David Chadwick [mailto:d.w.chadwick@kent.ac.uk] > Sent: Friday, February 11, 2011 13:26 > To: xacml > Subject: [xacml] Risk adaptive vs BTG > > The minutes of the last telecon stated "John Tolbert.. [suggested that > BTG] may be more appropriately referred to as Risk Adaptive Access > Control." > > I do not agree with this for the following reasons > > 1. Risk adaptive access control has mechanisms to both override grants > and turn them into denies (when the risk is high) and override denies > and turn them into grants (when the risk is low). > > 2. Risk adaptive access control relies on intelligent machine > components > to make the risk decisions and decide whether to reverse the PDP's > decision. > > BTG has neither of the above. > > 3. BTG only allows a deny to be turned into a grant > 4. BTG relies on the intelligent authorised user to make the BTG > override decision at the time of access > > Regards > > David > > > ***************************************************************** > David W. Chadwick, BSc PhD > Professor of Information Systems Security > School of Computing, University of Kent, Canterbury, CT2 7NF > Skype Name: davidwchadwick > Tel: +44 1227 82 3221 > Fax +44 1227 762 811 > Mobile: +44 77 96 44 7184 > Email: D.W.Chadwick@kent.ac.uk > Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html > Research Web site: > http://www.cs.kent.ac.uk/research/groups/iss/index.html > Entrust key validation string: MLJ9-DU5T-HV8J > PGP Key ID is 0xBC238DE5 > > ***************************************************************** > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]