OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

regrep message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [regrep] [Proposed Change] Replace Association confirmation withreference access control


I think we are saying the same thing.  

+1

D

Farrukh Najmi wrote:

> Duane Nickull wrote:
>
>> In the YDS implementation, we used a unix like model for hierarchical 
>> classification schemes.  If I own node "A", then only I can bestow 
>> permissions to other users to RWD nodes with "A" as a parent, 
>> directly or indirectly.
>>
>> I can also lock my node from others making reference to it or even 
>> seeing it without my permission.
>
>
> I assume that above would be moving to XACML since that is the 
> normative required way to handle access control?
>
>>
>> What I was getting at is that maybe requiring a blessing is not 
>> needed. We simply allow unilateral assertions that "PartyA" says that 
>> their object "foo" is associated to "PartyB"'s object "bar" and make 
>> it visible whether B has responded or not.  That way, If B disagrees, 
>> he simply does nothing.
>
>
> That is exactly what the current specs do. You should really read the 
> 1 page or so that I sent refernces to in original email.
>
>>
>> Unilateral associations are important to acknowledge as something 
>> that will happen.  It is unlikely that all users of a registry 
>> ecosystem will ever arrive at complete consensus.
>
>
> The crux of the debate is:
>
> a) whether we treat associations special and different from other 
> types of references
>
> b) whether extramural associations should be managed via existing 
> access control mechanisms (to prevent unauthorised access)
> or whether it should be unrestricted (unilateral assertion) and then 
> confirm (or not) and show confirmation state.
>
> My premise is that we shoudl treat extramural associations the same as 
> any other type of refrence and use XACML refrerence Access Control to 
> decided who can or cannot create references.
>
> I am curious if YDS ever implemented association confirmation. Anyone 
> who has would know the current spec behavior better and would be very 
> empathetic to the difficulties in implementation and use of current 
> behavior ;-)
>

-- 
Senior Standards Strategist
Adobe Systems, Inc.
http://www.adobe.com





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]