[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [soa-rm-ra] Trust
Is this a proper understanding that the "lower model for section 5-Security" allows for un-authenticated Principal/Subject to be authorised for an Action? If so, it is OK because we may have some public services that do not require a control over a user identity. However, the "top model for section 3-Business" implicitly states that a Trust may affect Principal's abilities to perform an Action. I would clarify the dotted link with a comment like 'optional' to make it consistent with the "lower model for section 5-Security" Thanks, - Michael Important: Fidelity Investments International (Reg. No.1448245), Fidelity Investment Services Limited (Reg. No. 2016555), Fidelity Pensions Management (Reg. No. 2015142) and Financial Administration Services Limited (Reg. No. 1629709, a Fidelity Group company) are all registered in England and Wales, are authorised and regulated in the UK by the Financial Services Authority and have their registered offices at Oakhill House, 130 Tonbridge Road, Hildenborough, Tonbridge, Kent TN11 9DZ. Tel 01732 361144. Fidelity only gives information on products and does not give investment advice to private clients based on individual circumstances. Any comments or statements made are not necessarily those of Fidelity. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you received this in error, please contact the sender and delete the material from any computer. All e-mails sent from or to Fidelity may be subject to our monitoring procedures. Direct link to Fidelity's website - http://www.fidelity-international.com/world/index.html -----Original Message----- From: Danny Thornton [mailto:danny.thornton@scalablearchitectures.com] Sent: 16 April 2008 23:49 To: Francis McCabe Cc: soa-rm-ra Subject: RE: [soa-rm-ra] Trust I have created two diagrams from the current trust model, the top model for section 3-Business Via Services, and the lower model for section 5-Security. I did not try to incorporate Agent into the section 3 diagram. As always, suggestions are welcome. Danny -------- Original Message -------- Subject: [soa-rm-ra] Trust From: Francis McCabe <frankmccabe@mac.com> Date: Wed, April 16, 2008 1:20 pm To: soa-rm-ra <soa-rm-ra@lists.oasis-open.org> I am afraid that I caused something of an 'upset' at today's telcon concerning trust :) Here are the issues as I see them: 1. I am unhappy substituting participant for agent. My reasoning is that automated systems need to be trusted at least as much as people. There was no clear idea on the call for what participant should be replaced by; although removing the qualifier at the beginning about mostly human participants may be removed. In normal English usage, participants are essentially human in character. 2. The relationship between credentials and identity and action is *not* one of authorization. I am not sure at the moment what it should be but authorization is about the empowerment to perform actions, not whether the person doing them should be trusted. (The CIC has the power to take us to war; but I would not trust him if he asked us to.) 3. Some of the modeling around trust is inextricably linked to the issues covered in Section 3, and so I think that some of this needs to be moved there. That is because the appropriate level of abstraction for trust requires discussing the relationships between organizations, actions, participants etc. 4. A Section 5 discussion on trust should focus on what is needed to support clarity on trust and what is involved in running such a system (In fact, I see elements around trust in all three sections: 3,4 and 5.) So, thinking more generally about this, I feel that (a) we are getting close to the total amount of content for the document but that (b) we are likely to need some reorganization. This is not reason to stop our first public review though. Frank --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]