[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Access control use cases
-----Original Message-----
From: Damodaran, Suresh
Sent: Tuesday, August 28, 2001 10:05 AM
To: 'regrep-security@lists.oasis-open.org'; 'sekhar.vajjhala@Sun.COM'
Subject: Access control use casesFarrukh, Sanjay, thanks for your comments on the access control ops.Let me take it further. Please comment.The things that need to be done to complete the access control usecaseare:1. Enumerate the resources (in our case object types) that we want access control onFarrukh, you may be able to talk about how RIM changes will impact this.2. Identify the actions on these resources :There is consensus that we tackle-life cycle operations- read operation- update operationfor V2.3. Map to "Roles" or "Groups" the security actors (btw, mapping the security actorsto mainstream registry actors is an issue). As an example, Registry Publisher is anunambiguous actor from the security point of view (i.e., we cannot confusea Registry Guest from a Registry Publisher) [Farrukh had mentioned that Registry Guestcan also publish in the registry - in that case we can't make any distinction! - my thinkingis that we we separate roles as we fit now, and later combine the roles - comments?]4. Think of any preconditions for access as well as any post conditions that need to besatisfied after the access.Sanjay, I am hoping that the usecases for access that you are working can be expandedalong these lines. If you take some preliminary steps along these lines, it should help us.Cheers,-Suresh
ebXMLRegistry-Usecase-RW-XACML.doc
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC