
cloudauthz message



Subject: RE: [cloudauthz] Groups - CloudAuthZ-usecases-v1.0-1a-BAC-usecases-added.docx uploaded


Mohammad,

 

Thanks for your questions. I will address your second question – Use case 3 – Entitlements Catalogue. Yes, we plan to use “semantically-connected set (ontology) of business tasks” – the current direction is to use json-ld, rdfa, schema.org, and others where possible. There are a few access control vocabularies out there … but none have the business taxonomy (process-activity-task) as abstraction layer. So planning to reuse as much as possible and augment what is missing.

 

Best regards,

Radu Marian, MSCS, SCEA, CISSP

Bank of America - Charlotte, NC

VP, Architect 2, Enterprise Security Architecture                                                

Business phone number: (704) 628-6874

an Enterprise without Ontology is like a country without a map.

 

From: cloudauthz@lists.oasis-open.org [mailto:cloudauthz@lists.oasis-open.org] On Behalf Of Mohammad Jafari
Sent: Friday, May 24, 2013 1:56 PM
To: cloudauthz@lists.oasis-open.org
Subject: RE: [cloudauthz] Groups - CloudAuthZ-usecases-v1.0-1a-BAC-usecases-added.docx uploaded

 

Hello,

 

I had some minor comments about the use-case document. I have a permanent conflict with the TC calls so I haven’t been able to attend them recently but I will follow up on the mailing list if these comments are discussed.

 

- Use-Case 2 (Integrity Indices): We need to clarify whether we are considering Biba-style discrete integrity labels, or a floating-point fuzzy integrity level. The complexity of the model and the mathematics for policy evaluation will be very different based upon this and this will also determine what existing technology can be used to enforce such policies.

I think the same about the “risk-based access control” use case.

 

- Use-Case 3 (Entitlement Catalogue): Is anyone aware of a standard vocabulary for business/workflow tasks in an area other than healthcare? The idea is great but I am trying to clarify its feasibility.

Also, I suggest considering a semantically-connected set (ontology) of business tasks rather than a flat list as this can be important in capturing some more advanced policies that care about the relations between different business tasks; e.g. “the employee is entitled to ‘send an email to a customer’ only if this task is part of the ‘billing’ task.”

 

 

Regards,

Mohammad Jafari, Ph.D.

Security Architect, Edmond Scientific Company

 

 

From: cloudauthz@lists.oasis-open.org [mailto:cloudauthz@lists.oasis-open.org] On Behalf Of Radu Marian
Sent: Monday, April 29, 2013 10:18 AM
To: cloudauthz@lists.oasis-open.org
Subject: [cloudauthz] Groups - CloudAuthZ-usecases-v1.0-1a-BAC-usecases-added.docx uploaded

 

Document Name: CloudAuthZ-usecases-v1.0-1a-BAC-usecases-added.docx


Description
Added 2 use cases - Entitlements Catalog and Segregation of Duties based on
Business Meaning.


Submitter: Mr. Radu Marian
Group: OASIS Cloud Authorization (CloudAuthZ) TC
Folder: Documents
Date submitted: 2013-04-29 09:17:34

 



