regrep-security message
Subject: Access control use cases
- From: "Damodaran, Suresh" <Suresh_Damodaran@stercomm.com>
- To: "'regrep-security@lists.oasis-open.org'"<regrep-security@lists.oasis-open.org>,"'sekhar.vajjhala@Sun.COM'" <sekhar.vajjhala@Sun.COM>
- Date: Tue, 28 Aug 2001 10:04:56 -0500
Title: RE: ebXML Security subteam
Farrukh, Sanjay, thanks for your comments on the access control ops. Let me take it further. Please comment.

The things that need to be done to complete the access control usecase are:

1. Enumerate the resources (in our case object types) that we want access control on
   Farrukh, you may be able to talk about how RIM changes will impact this.

2. Identify the actions on these resources:
   There is consensus that we tackle
   - life cycle operations
   - read operation
   - update operation
   for V2.

3. Map to "Roles" or "Groups" the security actors (btw, mapping the security actors to mainstream registry actors is an issue). As an example, Registry Publisher is an unambiguous actor from the security point of view (i.e., we cannot confuse a Registry Guest with a Registry Publisher) [Farrukh had mentioned that Registry Guest can also publish in the registry - in that case we can't make any distinction! - my thinking is that we separate roles as we fit now, and later combine the roles - comments?]

4. Think of any preconditions for access as well as any post conditions that need to be satisfied after the access.

Sanjay, I am hoping that the usecases for access that you are working can be expanded along these lines. If you take some preliminary steps along these lines, it should help us.

Cheers,
-Suresh