OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cloudauthz message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cloudauthz] a definitino of 'Entitlement' - proposal

Hi David,

what is incorrect with the concept of entitlement and why we should not use it (we stillhave not defined what is it)?

I am surprised - "the user provides an identity credential, which may or may not grant the user access to a resource"  - I never saw that simply identity performed an action and granted (or not) a right. I think, we need a more accurate _expression_ here. What I saw is somebody or something granted or not granted a right to an Actor based on its identity (digital, biological, etc.)

I agree with "Entitlement is a right." However, this definition is incomplete, IMO, becuase if it is all, then why we need a term 'entitlement' instead of 'right'? I think, we have to include the Actor and the Resource into the definition of Entitlement.

What I wrote initially may be a definition of an Entitlement Solution.

- Michael Poulin


----- Original Message -----

From: David Chadwick

Sent: 01/22/13 02:21 PM

To: Mike Poulin

Subject: Re: [cloudauthz] a definitino of 'Entitlement' - proposal

I think the concept of entitlement is not the correct one and we should 
not be using it. Rather, I think that the user provides an identity 
credential, which may or may not grant the user access to a resource. 

Entitlement is a right. But the user's credential is not always a right. 
The resource holder (the cloud service provider) can decide which 
credentials it will accept and which it will not. 



On 22/01/2013 13:12, Mike Poulin wrote: 
> Hello All, 
>   here is a proposal for a definitino of Entitlement: 
> An Entitlement is 
>   * ·A concept of having a right to something or a guarantee of access 
>     to something or based on established rights or by legislation. A 
>     "right" is itself an entitlement associated with a moral or social 
>     principle, such that an "entitlement" is a provision made in 
>     accordance with the legal framework of a society. 
>   * ·A process of on- and off-boarding an entitlement system, claiming 
>     and assigning access rights, and administering the entitlement system 
>   * ·A system (manual or automated) that physically realises the 
>     entitlement process, keeps entitlement entries, maintains 
>     permissions and access rights for as well as information about the 
>     actors and resources covered by the entitlement 
> Cheers, 
> - Michael Poulin


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]