security-services message
Subject: Resource sets and resource string semantics
- From: "Dr. Anthony Palmer" <tony@vordel.com>
- To: Security-Services <security-services@lists.oasis-open.org>
- Date: Wed, 16 May 2001 12:11:06 +0100
Hi all,
I think that this discussion is trying to address multiple issues with one
solution, which may be problematic. Are there not two or maybe three questions
being asked here?
Question one:
PDP: Yes, ReadOnly
Assumes Alice knows that /documents/foo.txt exists.
Question two:
PDP: Alice can access:
/documents/foo.txt ReadOnly
/files/Comments.doc Read/Write
/data/cash.xls ReadOnly
/daily/tasks.doc ReadOnly
/daily/completed.doc Read/Write
Alice may not know beforehand what she is able to access, or what services are
available (c.f. WSDL type lookup); also the results are dependent on Alice's role.
Question three:
PDP: Yes
This is problematic because firstly it assumes the entire contents are either
open or closed to Alice. There are no levels of access specified based on roles
or other criteria. Secondly, if Alice does not know what's available on hp.com,
question two will need to be asked.
Are these queries within SAML scope or best left to XACML?
See Hal's mail dated 04 May 2001 16:56 re: Resource sets and resource string semantics
Many Regards
Tony Palmer Ph.D
Research and Development
Vordel
Cohesion Technologies for eBusiness
tony@vordel.com
Ph: + 353 1 215 3317
Fax: + 353 1 215 3334
http://www.vordel.com
Cranford House
Cranford Court
Dublin 4 Ireland
Bored? http://www.vordel.com/careers/jobs.html