OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

regrep-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Access control use cases


Title: RE: ebXML Security subteam
Farrukh, Sanjay, thanks for your comments on the access control ops.
Let me take it further. Please comment.
The things that need to be done to complete the access control usecase
are:
 
1. Enumerate the resources (in our case object types) that we want access control on
    Farrukh, you may be able to talk about how RIM changes will impact this.
2. Identify the actions on these resources :
    There is consensus that we tackle
        -life cycle operations
        - read operation
        - update operation
    for V2.
 
3. Map to "Roles" or "Groups" the security actors (btw, mapping the security actors
to mainstream registry actors is an issue). As an example, Registry Publisher is an
unambiguous actor from the security point of view (i.e., we cannot confuse
a Registry Guest from a Registry Publisher) [Farrukh had mentioned that Registry Guest
can also publish in the registry - in that case we can't make any distinction! - my thinking
is that we we separate roles as we fit now, and later combine the roles - comments?]
4. Think of any preconditions for access as well as any post conditions that need to be
satisfied after the access.
 
Sanjay, I am hoping that the usecases for access that you are working can be expanded
along these lines. If you take some preliminary steps along these lines, it should help us.
 
Cheers,
-Suresh


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC