OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [Issue] Any and All error semantics


Again, I tried to post this to the list but apparently failed.


--bob

Bob Blakley (email: blakley@us.tivoli.com   phone: +1 512 436 1564)
Chief Scientist, Security, Tivoli Systems, Inc.

---------------------- Forwarded by George Robert Blakley III/Austin/IBM on
08/20/2001 11:13 AM ---------------------------

Hal Lockhart <hal.lockhart@entegrity.com> on 08/20/2001 08:28:36 AM

Please respond to Hal Lockhart <hal.lockhart@entegrity.com>

To:   George Robert Blakley III/Austin/IBM@IBMUS
cc:
Subject:  RE: [Issue] Any and All error semantics



Your interpretations are correct. I will look at rewording the issue
writeup.

Your opinions are edifying, but why not share them with the list?

Hal

> -----Original Message-----
> From: George Robert Blakley III [mailto:blakley@us.tivoli.com]
> Sent: Wednesday, August 15, 2001 6:37 PM
> To: Hal Lockhart
> Subject: Re: [Issue] Any and All error semantics
>
>
> My $0.0.2:
>
> ISSUE:[DS-12-01: AnyAllAttrReq]
>
> >Should an Attribute Assertion Request be allowed to specify
> "ANY" and/or
> >"ALL"? If so, what attributes should be returned and should
> an error be
> >returned in for ANY and for ALL in each of the following case:
>
> Yes, a request should be allowed to specify "ANY/ALL".
>
> >   Subject possesses all requested attributes
>
> ANY: All attributes returned, no error
> ALL: All attributes returned, no error
>
> >   Subject possesses some of requested attributes, but the
> others exist
>
> I don't understand what "but the others exist" means in this sentence.
> If it means, "some subjects have these attributes according to this
> attribute
> authority, but the requested subject does not have these
> attributes", then:
>
> ANY: All attributes which were requested and which the
> subject possesses
>      are returned.  No error.
> ALL: No attributes are returned, no error.
>
> >   Subject possesses some of requested attributes, but others do not
> >exist
>
> I don't understand what "but others do not exist" means in
> this sentence.
> If it means "this authority doesn't support some of the
> requested attribute
> types", then:
>
> ANY: All attributes which were requested and which the
> subject posesses
>      are returned.  No error
> ALL: No attributes are returned.  Error "attribute types
> <xxx, yyy, ...>
> not supported"
>      is returned.
>
> >   Subject possesses some requested attributes which are
> not permitted
> >to be returned to this relying party because of privacy policy
>
> ANY: All attributes which the subject possesses and which
> *are* permitted
> to
>      be returned, are returned.  No error.
> ALL: No attributes are returned, no error.
>
> NOTE: A security policy could also prohibit disclosure of attributes
>      (i.e. it doesn't have to be a privacy policy)
>
> >   Subject possesses none of requested attributes, but does possess
> >others
>
> ANY: No attributes returned, no error
> ALL: No attributes returned, no error
>
> >   All of attributes possessed by this subject are not
> permitted to be
> >returned to this relying party because of privacy policy
>
> ANY: No attributes returned, no error
> ALL: No attributes returned, no error
>
> NOTE: A security policy could also prohibit disclosure of attributes
>      (i.e. it doesn't have to be a privacy policy)
>
> >   Attribute Authority has no information about this subject
>
> ANY:  No attributes returned, error "unknown subject" returned
> ALL: No attributes returned, error "unknown subject" returned
>
> --bob
>
> Bob Blakley (email: blakley@us.tivoli.com   phone: +1 512 436 1564)
> Chief Scientist, Security, Tivoli Systems, Inc.
>




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC