OASIS Mailing List Archives

security-use message



Subject: Re: Terms to be clarified at the F2F


Here are my thoughts (albeit rough) on the terms imported into
draft-sstc-use-domain-03 from draft-sstc-glossary-00. 

I'm unable to expand on my thoughts further (at this time) about the below
terms. I'll just note their essential status as I see it. When I say "def needs
to be cleaned up" or "def might be ok", I mean that to say the defs stated in
both draft-sstc-glossary-00 and draft-sstc-use-domain-03 need to be cleaned up
and normalized wrt each other (or perhaps not). "Dragons lurking" means that it
seems the term may likely be controversial and/or tough to find a def a
majority of folks will be able to live with. 




Assertion -- wrt draft-sstc-glossary-00: I'm not sure where sense (a) came
from, I might have drafted it for all I know. Given how we've chosen to define
"credential", I suggest we delete the "see also: credential" from sense (a).
Then sense (a) might be a reasonable definition. It looks like I sorta
concocted sense (b) from stuff in X.800 -- must've been late @ night. Sorta
offhand, seems to me sense (a) captures the manner in which we've been using
"assertion". 

draft-s2ml-v08a only defines "assertion" in context. It looks like
draft-authxml-v2 doesn't use the term (unless acroread is lying to me, which
has happened with its "find" functionality in my experience before)



Attribute Authority -- def needs to be cleaned up. I dunno how many dragons are
lurking in wait; perhaps some. 


Attribute Assertion -- def might be ok. 


Authentication -- def needs to be cleaned up. I dunno how many dragons are
lurking in wait; perhaps some. 



Authentication Assertion -- def needs to be cleaned up. I'm not sure where the
def came from. I might have drafted it for all I know. There are definitely
dragons lurking about this term. 


Authentication Authority -- def may need to be cleaned up. I have misgivings
about the phrase "that verifies credentials". There are definitely dragons
lurking about this term. 


Authorization Attributes -- def might be ok. 


Credential -- def is ok, imho. 


Log-on -- (not yet in draft-sstc-glossary-00) I think this term will be
contentious. I advocate "authenticate" instead. For some reasons why, see the
defs offered here for logon/login..

http://foldoc.doc.ic.ac.uk/foldoc/foldoc.cgi?query=logon
http://foldoc.doc.ic.ac.uk/foldoc/foldoc.cgi?login



log-off -- (not yet in draft-sstc-glossary-00) I think this term will be
contentious, tho I'm not sure offhand what I'd advocate instead. Seems to me
it's tied into the notion of stateful sessions (local and/or global)



PDP/PEP -- I have to catch up on the recent threads on the list before saying
much here. 



Principal, or Principal Identity -- def might be ok, but I can think of at
least one alternative to think about..

  An identifiable instantiation of a system entity within a security domain.



Resource -- def needs work. alternatives are outlined in
draft-sstc-glossary-00. 



Security Domain -- there's a def for this in draft-sstc-glossary-00.



Security Policies -- def might be ok. need to normalize btwn the two docs. 



System Entity -- def likely (?) ok. 



Time Out -- def needs work. dragons lurking here. 


User -- def might be ok, but the one in draft-sstc-glossary-00 needs to be
cleaned up and retain its distinction from an "administrator". Note def for
"user" in draft-sstc-use-domain-03 actually is the one for "end user" in
draft-sstc-glossary-00. If we're really talking about "end users", when we say
"user", in draft-sstc-use-domain-03 -- as opposed to "administrators" -- we
really should use the term "end users". Else if the system entity that we're
calling a "user" might be ~either~ an "end user" or an "administrator", then we
should use the term "user". In any case, I'm thinking that the def for "user"
in draft-sstc-glossary-00 needs to be massaged such that it's clear that a
"user" might be an "end user" or an "administrator" (or don those roles, or
whatever). 



User Session -- def needs work. dragons lurking here. 






---
end

