Subject: Re: Request for example Assertions
I wonder how access control assertions and policy can be expressed and so I would propose the following very common use case in financial services applications:
An equities trading service enforces access control policy which leverages subject attributes from the firm's identity store:
- User role (trader, manager, etc.)
- Trade limit (max trade without additional approval)
- Trading hours (can trade after hours?)
- Trade location (can trade from home or office only)
Along with context variables:
- Amount of trade
- Type of trade
- Equity being traded
- Additional approval flag
These attributes must be asserted by the client making the request, e.g., a trade portal. The policy enforcement infrastructure would then calculate a policy decision before the service was ever invoked.
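
The policy decision described in the message above, as an added example that is not part of the original post. The attribute encodings, the set of roles allowed to trade and the market hours are assumptions; the message names the attributes but not their values or format.

```python
from dataclasses import dataclass
from datetime import time

# Assumed values: the message does not give market hours or list trading roles.
MARKET_OPEN, MARKET_CLOSE = time(9, 30), time(16, 0)
TRADING_ROLES = {"trader", "manager"}

@dataclass(frozen=True)
class Subject:              # attributes from the firm's identity store
    role: str
    trade_limit: int        # max trade without additional approval
    after_hours: bool       # can trade after hours?
    locations: frozenset    # e.g. {"office"} or {"office", "home"}

@dataclass(frozen=True)
class Context:              # context variables of one trade request
    amount: int
    trade_type: str         # carried for per-type rules (none given in the message)
    equity: str             # carried for per-equity rules (none given in the message)
    approved: bool          # additional approval flag
    at: time                # time of the request (assumed to be part of the context)
    location: str           # where the request originates (assumed encoding)

def decide(subject, ctx):
    """Return (permit, reason). Deny by default: every rule must pass."""
    if subject is None or ctx is None:
        return False, "missing assertion"
    if subject.role not in TRADING_ROLES:
        return False, "role may not trade"
    if ctx.amount <= 0:
        return False, "invalid amount"
    if ctx.location not in subject.locations:
        return False, "location not allowed"
    in_hours = MARKET_OPEN <= ctx.at < MARKET_CLOSE
    if not in_hours and not subject.after_hours:
        return False, "after-hours trading not allowed"
    if ctx.amount > subject.trade_limit and not ctx.approved:
        return False, "over limit without approval"
    return True, "permit"

if __name__ == "__main__":
    # Constructed sample subject and requests.
    trader = Subject("trader", 100_000, False, frozenset({"office"}))
    for req in (Context(50_000, "buy", "XYZ", False, time(10, 0), "office"),
                Context(250_000, "buy", "XYZ", False, time(10, 0), "office"),
                Context(50_000, "sell", "XYZ", False, time(18, 0), "home")):
        print(req.amount, req.location, decide(trader, req))
```

The enforcement point would call `decide` on the asserted attributes and forward the request to the trading service only on a permit.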