OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

regrep-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [regrep-security] Updated ebRS section 9.7 Access Control


Suresh,

Is this intended for v2.1 or v3?  Some of my comments may be more
appropriate as V3.  You make the call.

The following:
	"Any Registry Client can access the content without 
	requiring authentication. However, unauthenticated 
	clients can only access some read-only (getXXX) 
	methods permitted for GuestReader role. The Registry 
	must assign the default GuestReader role to such 
	Registry Clients."
Has contradictory first and second sentences.  Please consider deleting the
first sentence.

The following:
	"Anyone can publish content, but MUST  be a Registered User"
May be better said by the following:
	"To publish content, you MUST  be a Registered User"

I am a little confused by the following:
	"The Submitting Organization has access 
	to all methods for Registry Objects created by it." 
Who is "it" at the end of this sentence?  Unless I am wrong, the SO cannot
create methods.  Nor can it "create" Registry Objects.  Isn't the SO limited
to "registering" stuff?


This bullet implies that all submitters must obtain a "certificate."
	"At the time of content submission, the Registry 
	must assign the default ContentOwner role to the 
	Submitting Organization (SO) as authenticated by 
	the credentials in the submission message. In the 
	current version of this specification, the Submitting 
	Organization will be the DN (Distinguished Name) as 
	identified by the certificate."

But this section says nothing about where to obtain certificates.  Also
where do the credentials go in the "submission message?"  Should we be more
explicit here?  Who are valid Certificate Authorities?  What else
constitutes a valid certificate?  What else needs to be there?  Should we be
more specific here?

Joel


-----Original Message-----
From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com]
Sent: Friday, May 24, 2002 1:59 PM
To: 'regrep-security@lists.oasis-open.org'
Subject: [regrep-security] Updated ebRS section 9.7 Access Control



Team,

Here is the new section 9.7 with some scrubbing done. 
There is the actor to role mapping, and default policies.
When custom policies will be used is also mentioned.
Please let me know what you think.

----------------- 
Thanks, 
-Suresh 
Sterling Commerce, Inc. 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC