
Subject: RE: [xacml] Risk adaptive vs BTG


I think John was attempting to classify BTG as a special case of
something more generic.  I agree with this line of investigation (though
not necessarily with his suggestion that it is an instance of RAAC).

David's proposal looks like a very particular solution to what might be
a more general problem, and if that is true we would arrive at a better
standard by analyzing a range of related use cases to abstract the
essential elements into a general case.

Regards,
--Paul

> -----Original Message-----
> From: David Chadwick [mailto:d.w.chadwick@kent.ac.uk]
> Sent: Friday, February 11, 2011 13:26
> To: xacml
> Subject: [xacml] Risk adaptive vs BTG
> 
> The minutes of the last telecon stated "John Tolbert.. [suggested that
> BTG] may be more appropriately referred to as Risk Adaptive Access
> Control."
> 
> I do not agree with this for the following reasons:
> 
> 1. Risk adaptive access control has mechanisms to both override grants
> and turn them into denies (when the risk is high) and override denies
> and turn them into grants (when the risk is low).
> 
> 2. Risk adaptive access control relies on intelligent machine components
> to make the risk decisions and decide whether to reverse the PDP's
> decision.
> 
> BTG has neither of the above.
> 
> 3. BTG only allows a deny to be turned into a grant
> 4. BTG relies on the intelligent authorised user to make the BTG
> override decision at the time of access
> 
> Regards
> 
> David
> 
> 
> *****************************************************************
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> School of Computing, University of Kent, Canterbury, CT2 7NF
> Skype Name: davidwchadwick
> Tel: +44 1227 82 3221
> Fax +44 1227 762 811
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick@kent.ac.uk
> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> Research Web site:
> http://www.cs.kent.ac.uk/research/groups/iss/index.html
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
> 
> *****************************************************************
> 