OASIS Mailing List Archives

security-services message



Subject: Top down or bottom up


One of the outstanding issues on the conference call was whether the typing
of assertions should be 'toppish' or 'bottomish'.

For example: Toppish

<Response>
   <YadaYadaYada>
   <AuthorizationAssertion>
      <Version>
      <AssertionID>
      <Claims>
         <Binding>
            <Subject>
               <CommonName>Soup Dragon
            <Object>
               <Resource>

Or alternatively 

<Response>
   <YadaYadaYada>
   <Assertion>
      <Version>
      <AssertionID>
      <Claims>
         <Binding>
            <Subject>
               <CommonName>Soup Dragon
            <Object>
               <Resource>

Where the difference is felt is in the complexity of the schema and in the
limitations imposed on end users.

Say we have 4 types of assertion. Using the top model we have to coordinate
a range of values at the top of the XML tree and at the bottom. An
<AttributeAssertion> can only specify <Attribute> elements as objects. I
think this is a hard problem in any schema language.

The other limitation is on the end users. With top typing we are essentially
telling the world 'use our model or else'. We deliberately prohibit someone
creating an assertion that binds a subject to both an attribute and a role.
I think this is very common 'Alice is a plumber and can access the watergate
files'.

It is possible to kludge around the limitation for example by hypothecating
multiple assertions. However the following is clean, neat and easily
implemented. I challenge anyone to give an example of using multiple
assertions that has any of those properties.

<Response>
   <YadaYadaYada>
   <Assertion>
      <Version>
      <AssertionID>
      <Claims>
         <Binding>
            <Subject>
               <CommonName>Soup Dragon
            <Object>
               <Attribute>urn:date-time:1968-02-02:makes_spaghetti
               <Role>urn:date-time:1968-02-02:soup_maker
               <Authorization>
                  <Permission>Read
                  <Resource>http://www.sun.com/finance/secrets.asp


So in summary, the bottom up typing is elegant and efficient and is equally
rigorous in terms of strong typing as the top down model. It avoids the
design error in the type system of over constraining the user that crippled
the Pascal language relegating it to obscure academic use and divergent
standards.

The only thing the bottom up typing does not do is to lock in the end users
into a particular model.

		Phill


Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227
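
Added example, not part of the original message or of any OASIS schema: a Python sketch of the two typing models applied to the combined binding shown in the message. The mapping from assertion name to permitted object elements and the name `<RoleAssertion>` are assumptions made for illustration; the sample XML is the message's sketch closed up into well-formed form with `<Version>` and `<AssertionID>` omitted.

```python
import copy
import xml.etree.ElementTree as ET

# Top model (assumed mapping): the assertion element name fixes the legal object children.
# <RoleAssertion> is a hypothetical name; the message names only two assertion types.
TOP_ALLOWED = {
    "AttributeAssertion": {"Attribute"},
    "RoleAssertion": {"Role"},
    "AuthorizationAssertion": {"Authorization"},
}
# Bottom model: one generic <Assertion>; each object child is typed by its own element name.
OBJECT_TYPES = {"Attribute", "Role", "Authorization"}

# Constructed sample: the combined binding from the message as well-formed XML.
COMBINED = """<Assertion><Claims><Binding>
  <Subject><CommonName>Soup Dragon</CommonName></Subject>
  <Object>
    <Attribute>urn:date-time:1968-02-02:makes_spaghetti</Attribute>
    <Role>urn:date-time:1968-02-02:soup_maker</Role>
    <Authorization><Permission>Read</Permission>
      <Resource>http://www.sun.com/finance/secrets.asp</Resource></Authorization>
  </Object></Binding></Claims></Assertion>"""

def objects(assertion):
    return list(assertion.findall("./Claims/Binding/Object/*"))

def check_bottom(assertion):
    """Bottom typing: each object is validated on its own, so any mix is legal."""
    errs = [] if assertion.tag == "Assertion" else [f"unexpected <{assertion.tag}>"]
    return errs + [f"unknown object <{o.tag}>" for o in objects(assertion) if o.tag not in OBJECT_TYPES]

def check_top(assertion):
    """Top typing: the root element name and the leaf element names must agree."""
    allowed = TOP_ALLOWED.get(assertion.tag)
    if allowed is None:
        return [f"unknown assertion type <{assertion.tag}>"]
    return [f"<{o.tag}> not allowed in <{assertion.tag}>" for o in objects(assertion) if o.tag not in allowed]

def split_for_top(assertion):
    """The multiple-assertion workaround: one top-typed assertion per object."""
    owner = {obj: name for name, objs in TOP_ALLOWED.items() for obj in objs}
    parts = []
    for i, keep in enumerate(objects(assertion)):
        part = copy.deepcopy(assertion)
        part.tag = owner[keep.tag]
        holder = part.find("./Claims/Binding/Object")
        holder[:] = [holder[i]]  # keep only this object; the subject is repeated in every part
        parts.append(part)
    return parts
```

Under the top model the same subject has to be carried in three separate assertions, and the relying party has to correlate them itself.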
