OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: Another Group - Role Distinction?


in scanning through the rbac doc, i agree with your assessment. however
-- just for background purposes -- the snippet below is a remnant from a
thread that was started during the f2f discussing the statement made
there that 'groups and roles are the same thing'. implementationally
this is likely to be the case, but the topic kinda spiraled down into
the realm of the techno-pedantic as we struggled to achieve the proper
wording/example to make our point (in my case that they are not the same
thing). i think that this is why the thread may have seemed some
somewhat bizarre when you first came across it.

again, none of this takes away from the value of the rbac stuff, it's
just that i wanted to clarify how we got to this point for those that
think we might have started to lose our grip on the twig :o)

b

Hal Lockhart wrote:
> 
> I will take this opportunity to post the NIST RBAC paper, as
> www.list.gmu.edu seems to still be down.
> 
> I believe what Simon is describing is what they call Restricted and
> Unrestricted Hierarchies.
> 
> Hal
> 
> > -----Original Message-----
> > From: Simon Y. Blackwell [mailto:sblackwell@psoom.com]
> > Sent: Friday, July 27, 2001 6:59 PM
> > To: 'xacml@lists.oasis-open.org'
> > Subject: Another Group - Role Distinction?
> >
> >
> > Is it the case that groups propagate "up" whereas roles
> > propagate "down" for
> > security purposes?
> >
> > For example:
> >
> > humans is a subgroup primates
> > X is a member of humans
> > ----------------
> > X is a member of primates = True
> >
> > humans is a subgroup primates
> > X is a member of primates
> > -----------------
> > X is a member of humans = Unknown
> >
> > junior auditor is a child-role of senior auditor
> > X can play role junior auditor
> > -----------------
> > X can play role senior auditor = Unknown
> >
> > junior auditor is a child-role of senior auditor
> > X can play role senior auditor
> > -----------------
> > X can play role junior auditor = True
> >
> >
> >
> > Simon Y. Blackwell
> > CTO
> > Psoom, Inc.
> > Voice & Fax: 415-762-9787
> >
> >
> > ------------------------------------------------------------------
> > To unsubscribe from this elist send a message with the single word
> > "unsubscribe" in the body to: xacml-request@lists.oasis-open.org
> >
> 
>   ------------------------------------------------------------------------
>                            Name: rbac-nist.pdf
>    rbac-nist.pdf           Type: Portable Document Format (application/pdf)
>                        Encoding: BASE64
>                 Download Status: Not downloaded with message


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC