
Subject: Re: [xacml] BTG sequence diagram


Hi Paul

you are correct in saying that the BTG state can be set for every 
subject, action, environment and resource attribute. You are also 
correct in saying that this is not enumerated in the profile that I 
wrote. However, we do treat it as an environmental attribute as you suggest.

In our implementation we allow the policy writer to specify the 
dimensions of the BTG state by encoding the BTG attribute in a 
pre-defined way. But we thought that this would open a whole can of 
worms in the group, about how to encode or not encode attribute names, 
and it did not seem like an item for standardisation. We therefore 
thought it prudent to leave out of the profile how the state dimensions 
are specified and leave this up to applications to decide.

But I am happy to add this as another aspect of the BTG topic for 
discussion if the group wants to.

regards

David


On 23/04/2011 02:49, Paul Tyson wrote:
>
> On Fri, 2011-04-22 at 16:32 -0700, Bill Parducci wrote:
>> So Rich, in this scenario you are treating the BTG priv attribute as a Resource? If not, what does "permit" refer to?
>>
>> thanks
>>
>> b
>>
>> On Apr 22, 2011, at 4:25 PM, rich levinson wrote:
>>
>>> • The PEP in front of GlassMgr asks the PDP if this User is authorized to activate
>>> his BTG priv.
>>> • The PDP says yes, the User, according to Policy is authorized to perform this
>>> action (activate the User's BTG priv), and returns Permit.
>>
>
> I had in mind a generic "BTG state", which I guess would be an
> environment attribute.  The user invokes a method of the GlassManager
> like "breakGlass()".  Upon finding that the user is authorized to
> execute this action, the GlassManager executes this method to set the
> environment attribute, btg-state, to "true".
>
> In an earlier email I asked for clarification on what, exactly, the
> glass protected: a person, a class of persons, a resource, a group of
> resources, or some combination of these?
>
> I guess generically you could have a boolean btg-state attribute for
> every action, resource, and subject (as well as an environment
> btg-state).  Then the user would invoke a method like "breakGlass('Bart
> Simpson')" to unprotect Bart Simpson's records.  The PIP would ask for
> the btg-state attribute pertaining to Bart's records.
>
> This is another area that needs to be clarified in David's BTG proposal.
>
> Regards,
> --Paul
>

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
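The thread above leaves two design points open: the BTG state lives as an environment attribute, and its scope (which subject, resource or action the glass protects) is encoded in the attribute identifier by the application rather than by the profile. The following toy model, added here as an illustration and not code from the OASIS XACML TC, the BTG profile or any of the posters, shows one way those pieces fit: a GlassManager (the PEP for the break-glass privilege) asks the PDP whether the "break-glass" action is permitted before it sets any state; the state is keyed per resource using an assumed "env:btg-state:<resource>" naming scheme; and the PDP consults that state through a PIP when evaluating ordinary reads. The expiry, the audit record, the role names and the patient record identifiers are all assumptions chosen for the example. The PDP rules are hard-coded Python rather than XACML policy XML, so the example shows the data flow, not the policy language.

```python
"""Toy model of break-the-glass (BTG) state as a scoped environment attribute.

Constructed example only. The attribute identifiers, the role names, the
15-minute resealing window and the audit record are assumptions made for this
illustration; none of them come from the XACML BTG profile draft.
"""

# Assumed attribute identifiers (not from the profile).
ATTR_ROLE = "subject:role"
ATTR_ACTION = "action:id"
ATTR_RESOURCE = "resource:id"
BTG_PREFIX = "env:btg-state:"     # scope of the glass is encoded in the attribute id
BTG_TTL_SECONDS = 15 * 60         # assumed: the glass reseals after 15 minutes


class PIP:
    """Policy Information Point holding per-resource BTG state with an expiry."""

    def __init__(self):
        self._btg = {}  # attribute id (BTG_PREFIX + resource) -> (subject, expires_at)

    def set_btg(self, resource, subject, now):
        self._btg[BTG_PREFIX + resource] = (subject, now + BTG_TTL_SECONDS)

    def btg_state(self, resource, now):
        """True while the glass for this one resource is broken and unexpired."""
        entry = self._btg.get(BTG_PREFIX + resource)
        if entry is None:
            return False
        _, expires_at = entry
        if now >= expires_at:
            del self._btg[BTG_PREFIX + resource]   # expired glass counts as intact
            return False
        return True


class PDP:
    """Policy Decision Point with three hard-coded rules standing in for policy."""

    def __init__(self, pip):
        self.pip = pip

    def evaluate(self, request, now):
        role = request.get(ATTR_ROLE)
        action = request.get(ATTR_ACTION)
        resource = request.get(ATTR_RESOURCE)
        # Rule 1: the treating clinician may always read the record.
        if action == "read" and role == "treating-clinician":
            return "Permit"
        # Rule 2: any clinician may activate BTG; this is the decision the
        # GlassManager asks for before it touches the BTG state.
        if action == "break-glass" and role in ("clinician", "treating-clinician"):
            return "Permit"
        # Rule 3: a non-treating clinician may read a record only while the
        # glass protecting that specific record is broken.
        if action == "read" and role == "clinician" and self.pip.btg_state(resource, now):
            return "Permit"
        return "Deny"


class GlassManager:
    """PEP in front of the BTG privilege: sets state only after a Permit."""

    def __init__(self, pdp, pip):
        self.pdp, self.pip = pdp, pip
        self.audit = []  # every break-glass attempt, permitted or not

    def break_glass(self, subject, role, resource, now):
        request = {ATTR_ROLE: role, ATTR_ACTION: "break-glass", ATTR_RESOURCE: resource}
        decision = self.pdp.evaluate(request, now)
        self.audit.append((now, subject, resource, decision))
        if decision == "Permit":
            self.pip.set_btg(resource, subject, now)
        return decision


def scenario(now=1_000_000.0):
    """Walk the sequence from the thread and return each decision by name."""
    pip = PIP()
    pdp = PDP(pip)
    gm = GlassManager(pdp, pip)

    def read(role, resource, t):
        return pdp.evaluate({ATTR_ROLE: role, ATTR_ACTION: "read", ATTR_RESOURCE: resource}, t)

    results = {}
    results["before"] = read("clinician", "records:bart-simpson", now)
    results["btg"] = gm.break_glass("dr-hibbert", "clinician", "records:bart-simpson", now)
    results["after"] = read("clinician", "records:bart-simpson", now + 1)
    # Scope check: breaking Bart's glass does nothing for Lisa's records.
    results["other_patient"] = read("clinician", "records:lisa-simpson", now + 1)
    # Unauthorised role: the PDP denies the break-glass action, no state is set.
    results["receptionist"] = gm.break_glass("front-desk", "receptionist", "records:bart-simpson", now)
    results["expired"] = read("clinician", "records:bart-simpson", now + BTG_TTL_SECONDS + 1)
    results["audit_entries"] = len(gm.audit)
    return results


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The point of keying the PIP entry by `BTG_PREFIX + resource` is that the PDP never has to know how many dimensions the application chose: a deployment that wants per-subject or per-action glass changes only the attribute identifier it builds, which is the "leave it to applications" position David takes above. The expiry and the audit list are the two checks a reviewer would ask for in any real GlassManager, since a permanently set BTG flag silently turns an emergency exception into standing access.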

