[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [regrep-security] RE: Issue 170 resolution in RS 2.01
Joel, "the two tables, Registry User (Actor Column) and Default Access Control Policies (Role Column) should be synchronized." Can you please explain what you mean by "synchronized?" -Suresh -----Original Message----- From: Munter, Joel D [mailto:joel.d.munter@intel.com] Sent: Tuesday, May 14, 2002 10:44 AM To: 'Damodaran, Suresh'; 'anne@drummondgroup.com' Cc: regrep-security@lists.oasis-open.org; 'Farrukh Najmi' Subject: RE: [regrep-security] RE: Issue 170 resolution in RS 2.01 Suresh, During my detailed analysis, I had re-read the respective areas of the spec and see this as slightly more than readability issues. I believe that there is a significant disconnect between the tables described. Roles are described in one place and policies assigned against a different set of roles is described elsewhere. Here is my detailed read on the problem: Within section 9.7 Access Control, there are only 3 roles defined, ContentOwner, RegistryAdministrator, and RegistryGuest. However, there is no consistency between Section 5.3, Registry Users - Table1 - the Actor column, and the information within Table11 - Default Access Control Policies - the Role column. The proposed resolution to the reviewer who raised the issue is "Yes there is a consistency issue here. It is a minor issue since we do not currently provide interface for custom access control policies." I truly believe that the two tables, Registry User (Actor Column) and Default Access Control Policies (Role Column) should be synchronized. Joel -----Original Message----- From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com] Sent: Tuesday, May 14, 2002 7:32 AM To: 'anne@drummondgroup.com' Cc: regrep-security@lists.oasis-open.org; 'Farrukh Najmi' Subject: [regrep-security] RE: Issue 170 resolution in RS 2.01 Anne, This is not an error, and only a readability issue. Line 3935-3936 says "content owner" maps to "Submitting Organization" in this version of the spec". Remove that sentence. Change "Content Owner" to "Submitting Organization" in the table. Also replace "Content Owner" with "Submitting Organization" in section 9.7. Also, in section 5.3 - (lines 336-337) - reword the first sentence as "We describe the actors who use the registry below" - remove the second sentence. Cheers, -Suresh -----Original Message----- From: Farrukh Najmi [mailto:Farrukh.Najmi@Sun.COM] Sent: Tuesday, May 14, 2002 9:17 AM Cc: regrep-security@lists.oasis-open.org; Suresh Damodaran Subject: Issue 170 resolution in RS 2.01 Suresh, We need to provide exact direction to Anne on how to fix this issue for RS 2.01 (next version). Can you assign or take teh action item to get this information to Anne (and copy me) ASAP. Thanks. Issue text is listed below for your convenience. Issue 171: ----------- In 9.7. Access Control, there is only 3 role as Content owner, registry administrator, registry guest. However, there is no consistency between 5.3. Registry Users, Table1. Actors and Table11. Role. I think it's better to have some consistency to describe the role of actors. -- Regards, Farrukh ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC