OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [CR-9-02-?-Disclosure*]

Dave wrote, 
> My concerns about all of the disclosure requirements, is that 
> I cannot see
> how any piece of software could be tested for conformance.  
> In the case of
> Blakely style, "SAM should support *restriction of* 
> disclosure of subject
> security attributes, *based on a policy stated by the 
> subject*", how do I
> write a conformance test that verifes:
> o what are allowable and non-allowable restrictions?
> o How do I test that an non-allowable restriction hasn't been made
> o How do I verify that a subject has stated a policy?
> o How can a subject state a policy
> I just don't know how to test any of these things.

I interpret this requirement as saying the design must not prevent this.
Without checking I believe we have other requirements that can not be tested
> Also, I don't know what a subject is.  I know what 
> credentials, principals,
> users and system entities are.

Good catch. Let's change it to User.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC