Subject: RE: [cloudauthz] a definitino of 'Entitlement' - proposal
----- Original Message -----
From: Smith, Thomas C.
Sent: 01/22/13 01:52 PM
To: Mike Poulin, cloudauthz@lists.oasis-open.org
Subject: RE: [cloudauthz] a definitino of 'Entitlement' - proposal
All,
So here’s my two cents…
An entitlement is what you get by virtue of membership regardless of how it’s obtained (birth, grant, activity, etc.). It implies, but does not guarantee or even specify privilege (where privilege is allowing a subject’s requested resource action in a given context). To say it another way, privilege is the consequence of applying policy to entitlement(s). This separation of concerns is very important because the resource owner controls the policy, not the entitlement manager. So if you bind them in the design then it will not scale across resource owners that don’t have the same policy set.
-tom
From: cloudauthz@lists.oasis-open.org [mailto:cloudauthz@lists.oasis-open.org] On Behalf Of Mike Poulin
Sent: Tuesday, January 22, 2013 8:12 AM
To: cloudauthz@lists.oasis-open.org
Subject: [cloudauthz] a definitino of 'Entitlement' - proposal
Hello All,
Here is a proposal for a definition of Entitlement:
An Entitlement is
- A concept of having a right to something or a guarantee of access to something, based on established rights or by legislation. A "right" is itself an entitlement associated with a moral or social principle, such that an "entitlement" is a provision made in accordance with the legal framework of a society.
- A process of on- and off-boarding an entitlement system, claiming and assigning access rights, and administering the entitlement system
- A system (manual or automated) that physically realises the entitlement process, keeps entitlement entries, maintains permissions and access rights for, as well as information about, the actors and resources covered by the entitlement
Cheers,
- Michael Poulin