
regrep-security message



Subject: Fwd: Review Security Info Model(2nd)



I apologize for sitting on this...it got lost in my inbox.

--lisa

Reply-To: =?euc-kr?B?udqw5sfY?= <khpark@innodigital.co.kr>
From: "Jong.L Kim" <jjlkim@innodigital.co.kr>
To: "Lisa Carnahan" <lisa.carnahan@nist.gov>
Subject: Review Security Info Model(2nd)
Date: Thu, 9 Aug 2001 09:46:39 +0900
X-Mailer: Neomail2000-1.4.7-single-ko
Importance: Normal
X-Authentication-Warning: webmail.innodigital.co.kr: nobody set sender to khpark@innodigital.co.kr using -f


Dear Lisa,

I was late to send this.

 

# Problem
The following contents are mutually antinomic.
If the first content is right, permission has to manage service.

On the contrary, if the second content is right, security cannot be executed before processing of the service.
It means security must be executed for each method in it while the service is in processing.
It looks like the "java.security" package in the JDK.


 

# Security Info Model Contents (segREG.pdf)
=====================================================================================
EbXML Registry Security Proposal
Technical Architecture Security Team

May 10, 2001

*First content
 319 3.4. Security Processing
 325 3.4.1. Authentication
 339 3.4.2. Examine Transaction Rights on Object Request (Authorization)
 346 3.4.3. Registry Bootstrap
 351 3.4.4. Content Submission  processing done by the Registry Client
 354 3.4.5. Content Submission  processing done Registry Service
 374 3.4.6. Content Delete/Deprecate  processing done by the Registry Client
 378 3.4.7. Content Delete/Deprecate  processing done Registry Service

*Second content
 300 While privileges deal with groups, roles et al, the permissions deal with the
 301 methods of an object and tie them to privileges. The permission is an "and"
 302 operation (or a cumulative). i.e. an entity can access the method of a
 303 RegistryObject only if it has all the privileges as detailed by the privilege
 304 object.
=====================================================================================
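
The two enforcement points the message contrasts, as an added illustration that is not part of the original message or of the ebXML proposal: an up-front authorization of the whole request versus a check on each method while the service is processing, both using the "and" rule quoted above. Every class, method and privilege name here is hypothetical, and denying a method that has no permission entry is an assumption.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Privilege:
    kind: str   # e.g. "group" or "role"
    name: str

@dataclass
class RegistryObject:
    # Permission table: method name -> privileges that must ALL be held.
    permissions: dict = field(default_factory=dict)

    def may_invoke(self, method, held):
        required = self.permissions.get(method)
        if required is None:        # assumption: no permission entry means deny
            return False
        return required <= held     # "and" semantics: subset test

def authorize_request(obj, methods, held):
    """Up-front authorization: return the methods the caller would be refused."""
    return [m for m in methods if not obj.may_invoke(m, held)]

class GuardedObject:
    """Per-method enforcement, checked on every call during processing."""
    def __init__(self, obj, held):
        self.obj, self.held, self.completed = obj, held, []

    def call(self, method):
        if not self.obj.may_invoke(method, self.held):
            raise PermissionError(f"missing privilege for {method}")
        self.completed.append(method)

# Constructed sample data (hypothetical method and privilege names).
SUBMITTER = Privilege("role", "submitter")
OWNERS = Privilege("group", "owners")
OBJ = RegistryObject({"submit": frozenset({SUBMITTER}),
                      "deprecate": frozenset({SUBMITTER, OWNERS})})

def demo():
    held = frozenset({SUBMITTER})               # caller lacks the "owners" group
    upfront = authorize_request(OBJ, ["submit", "deprecate"], held)
    guarded = GuardedObject(OBJ, held)
    try:
        for method in ("submit", "deprecate"):  # service touches both methods
            guarded.call(method)
    except PermissionError:
        pass
    return upfront, guarded.completed

if __name__ == "__main__":
    print(demo())
```

With the up-front check the request is refused before any work is done; with per-method enforcement the first method completes before the second is denied, so the service has to cope with a partially processed request.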


