
Subject: RE: [regrep] Security proposal pointer

Comments on the Security Proposal:
I think there is still some overlap and possible confusion between the
actors and their roles.  For example, Registry Operator and Registry
Administrator.  The comments column states that these may be the same
person.  The function for Registry Operator says that they host the registry
objects, which sounds like this is the person who is responsible for the
registry/repository.  The registry administrator has the administrative
functions for security, but a registered user is authenticated by a Registry
Operator.  I would think the Registry Administrator would be the one who
authenticates a user.  Is it really necessary to have two separate actors -
Operator and Administrator?  How will you clearly define the difference in
the roles and functions?  I would recommend making this one actor and
combining the functions. Then the authentication of the registered user makes
more sense.

What is the difference between the Registry Guest and the Registry Reader?
It looks like they both have read access only.  Neither of them has
contracts, neither of them can change the contents of the registry.  The way
the functions are presented, they appear to have the same roles.  You need
to either more clearly define what the differences are between these two, or
make them one actor.

Registry Publisher may be a bit confusing - the terms sound like this is
someone who publishes the registry.  I know this is not what you mean here!
What about Registry Submitter (also closer to the terms ISO 11179 uses)?
Sounds more like the function - submits stuff to the registry. Also, is this
actor meant to be an organization, as opposed to an individual person? A
Submitting Organization (ISO 11179) is the organization that submits the
object, and an individual, who may be a registered user or registry content
owner, is the actor who is an individual from that organization and
physically performs the function.

Look a little closer at Registry Client - the two functions listed are
registered user or registered guest, but under registry guest the function
says there is no contract, so I assume a registry guest is not registered,
which conflicts with what it says under registry client.  And does Registry
Client include Registry Reader, who is also a registered user?

It seems that if the actors and functions in this proposal are for V2, then
that is what should be presented in the table (looking at notes).  If some
of the actors are for V3, bring them up at that time.

Line 229, section 7 issues, number 4: In the registry we have implemented at
Boeing, each submission to the registry is considered a different version.
For example, version 1 of a DTD was submitted in January 2001.  In May 2001,
the content owner updated the DTD, and submitted the updated version to the
registry.  This must go into the registry with a new version number, and as
a separate registry record.  Then we have two separate registry records for
each of the versions.  Users using version 1 can continue to do so, and be
assured that it has not been changed.

-----Original Message-----
From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com]
Sent: Thursday, October 18, 2001 2:03 PM
To: 'regrep@lists.oasis-open.org'
Subject: [regrep] Security proposal pointer

Per today's request, here is the pointer to the proposal.

