OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cloudauthz message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: FW: [cloudauthz] a definitino of 'Entitlement' - proposal

Tom, I think we are on the same path. What we call the entity that passes from the user to the resource is less important than its semantics, and we agree it is not a privilege, but rather it is something that the resource owner decides is or is not permission to access what the user requested to access. I dont think entitlement is the correct name for this entity



On 22/01/2013 14:18, Barbir, Abbie wrote:
*From:*Smith, Thomas C. [mailto:Tom.Smith@jhuapl.edu]
*Sent:* Tuesday, January 22, 2013 9:07 AM
*To:* Barbir, Abbie
*Subject:* RE: [cloudauthz] a definitino of 'Entitlement' - proposal


I tried to post this but it bounced. Can you post it for me? Thanks, -tom


So here’s my two cents…

An entitlement is what you get by virtue of membership regardless of how
it’s obtained (birth, grant, activity, etc.). It implies, but does not
guarantee or even specify privilege (where privilege is allowing a
subject’s requested resource action in a given context).  To say it
another way, privilege is the consequence of applying policy to
entitlement(s). This separation of concerns is very important because
the resource owner controls the policy, not the entitlement manager. So
if you bind them in the design then it will not scale across resource
owners that don’t have the same policy set.


[mailto:cloudauthz@lists.oasis-open.org] *On Behalf Of *Mike Poulin
*Sent:* Tuesday, January 22, 2013 8:12 AM
*To:* cloudauthz@lists.oasis-open.org
*Subject:* [cloudauthz] a definitino of 'Entitlement' - proposal

Hello All,
  here is a proposal for a definitino of Entitlement:

An Entitlement is

  * ·A concept of having a right to something or a guarantee of access
    to something or based on established rights or by legislation. A
    "right" is itself an entitlement associated with a moral or social
    principle, such that an "entitlement" is a provision made in
    accordance with the legal framework of a society.
  * ·A process of on- and off-boarding an entitlement system, claiming
    and assigning access rights,  and administering the entitlement system
  * ·A system (manual or automated) that physically realises the
    entitlement process, keeps entitlement entries, maintains
    permissions and access rights for as well as information about the
    actors and resources covered by the entitlement

- Michael Poulin

This message, and any attachments, is for the intended recipient(s)
only, may contain information that is privileged, confidential and/or
proprietary and subject to important terms and conditions available at
http://www.bankofamerica.com/emaildisclaimer. If you are not the
intended recipient, please delete this message.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]