Subject: RE: [cloudauthz] Groups - CloudAuthZ-usecases-v1.0-1a-BAC-usecases-added.docx uploaded
Mohammad,

Thanks for your questions. I will address your second question – Use case 3 – Entitlements Catalogue. Yes, we plan to use a “semantically-connected set (ontology) of business tasks”; the current direction is to use JSON-LD, RDFa, schema.org, and others where possible. There are a few access control vocabularies out there, but none have the business taxonomy (process-activity-task) as an abstraction layer. So we plan to reuse as much as possible and augment what is missing.

Best regards,
Radu Marian, MSCS, SCEA, CISSP
Bank of America - Charlotte, NC
VP, Architect 2, Enterprise Security Architecture
Business phone number: (704) 628-6874
An Enterprise without Ontology is like a country without a map.

From: cloudauthz@lists.oasis-open.org [mailto:cloudauthz@lists.oasis-open.org]
On Behalf Of Mohammad Jafari

Hello,

I had some minor comments about the use-case document. I have a permanent conflict with the TC calls so I haven’t been able to attend them recently, but I will follow up on the mailing list if these comments are discussed.

- Use-Case 2 (Integrity Indices): We need to clarify whether we are considering Biba-style discrete integrity labels or a floating-point fuzzy integrity level. The complexity of the model and the mathematics for policy evaluation will be very different depending on this, and this will also determine what existing technology can be used to enforce such policies. I think the same about the “risk-based access control” use case.

- Use-Case 3 (Entitlement Catalogue): Is anyone aware of a standard vocabulary for business/workflow tasks in an area other than healthcare? The idea is great but I am trying to clarify its feasibility. Also, I suggest considering a semantically-connected set (ontology) of business tasks rather than a flat list, as this can be important in capturing some more advanced policies that care about the relations between different business tasks; e.g. “the employee is entitled to ‘send an email to a customer’ only if this task is part of the ‘billing’ task.”

Regards,
Mohammad Jafari, Ph.D.
Security Architect, Edmond Scientific Company

From: cloudauthz@lists.oasis-open.org [mailto:cloudauthz@lists.oasis-open.org]
On Behalf Of Radu Marian
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.
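The exchange above contrasts a flat list of business tasks with a semantically connected set, and gives the policy “entitled to ‘send an email to a customer’ only if this task is part of ‘billing’” as the kind of rule only the latter can express. The following is an added example, not code or a vocabulary from the cloudauthz TC or either author: a constructed JSON-LD task catalogue (the `ex:` namespace, the `partOf` property and the `allowed_within` policy key are hypothetical; only `http://schema.org/name` is a real term) in which one task is part of two different processes, plus an entitlement check that follows the part-of links instead of looking the task up in a flat list.

```python
"""Added example: entitlement check over a part-of task ontology.

Not from the cloudauthz thread. The catalogue, the ex: vocabulary and
the policy format are constructed for illustration only.
"""
import json
from collections import deque

# Constructed JSON-LD catalogue (hypothetical ex: vocabulary).
# "Send an email to a customer" is reused by two processes: it is part
# of "Issue invoice" (itself part of "Billing") and of "Marketing".
CATALOGUE_JSONLD = """
{
  "@context": {
    "ex": "http://example.org/entitlements#",
    "name": "http://schema.org/name",
    "partOf": {"@id": "ex:partOf", "@type": "@id", "@container": "@set"}
  },
  "@graph": [
    {"@id": "ex:billing",   "name": "Billing process"},
    {"@id": "ex:marketing", "name": "Marketing campaign"},
    {"@id": "ex:issue-invoice", "name": "Issue invoice",
     "partOf": ["ex:billing"]},
    {"@id": "ex:send-customer-email", "name": "Send an email to a customer",
     "partOf": ["ex:issue-invoice", "ex:marketing"]}
  ]
}
"""

# Constructed policy: each entry names the enclosing task a caller must
# be operating within. Tasks with no entry are denied (default deny).
POLICY = {
    "ex:issue-invoice": {"allowed_within": "ex:billing"},
    "ex:send-customer-email": {"allowed_within": "ex:billing"},
}


def load_part_of(jsonld_text):
    """Return {task_id: [parent_ids]} from the @graph.

    This walks the JSON directly rather than running a JSON-LD
    processor, so it only understands the compact shape used above."""
    doc = json.loads(jsonld_text)
    part_of = {}
    for node in doc["@graph"]:
        parents = node.get("partOf", [])
        if isinstance(parents, str):      # tolerate a single-valued partOf
            parents = [parents]
        part_of[node["@id"]] = list(parents)
    return part_of


def ancestors(part_of, task):
    """All tasks that `task` is transitively part of.

    Breadth-first with a visited set, so a malformed catalogue that
    contains a partOf cycle cannot make the check loop forever."""
    seen = set()
    queue = deque(part_of.get(task, []))
    while queue:
        cur = queue.popleft()
        if cur in seen:
            continue
        seen.add(cur)
        queue.extend(part_of.get(cur, []))
    return seen


def is_entitled(part_of, policy, task, context_task):
    """Decide whether `task` may run when invoked from `context_task`.

    `context_task` is the process the caller claims to be executing.
    The claim is only accepted if the catalogue says `task` really is
    part of it; then the policy's enclosing task must be reachable from
    that context. Invoking the task with no enclosing process (context
    equal to the task itself) is therefore denied."""
    rule = policy.get(task)
    if rule is None:
        return False                      # unknown task: default deny
    if context_task not in ancestors(part_of, task):
        return False                      # context inconsistent with catalogue
    enclosing = {context_task} | ancestors(part_of, context_task)
    return rule["allowed_within"] in enclosing


if __name__ == "__main__":
    part_of = load_part_of(CATALOGUE_JSONLD)
    for task, ctx in [("ex:send-customer-email", "ex:issue-invoice"),
                      ("ex:send-customer-email", "ex:marketing"),
                      ("ex:send-customer-email", "ex:send-customer-email")]:
        print(f"{task} within {ctx}: {is_entitled(part_of, POLICY, task, ctx)}")
```

The same task is permitted when reached through the invoice step of billing and denied when reached through the marketing campaign; a flat task list would have to either grant or deny “send an email to a customer” unconditionally, which is exactly the limitation raised in the thread. The consistency check on the claimed context matters in practice: without it, a caller could simply assert “billing” and satisfy any rule.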