OASIS Mailing List Archives

xacml message



Subject: Re: [glossary] 'no subject'


Hi Bill

> i was reading through the saml glossary that jeff hodges posted some
> time back and noticed that the description for the term AUTHORIZATION in
> part states:
>
> "...The (act of) granting of access rights to a subject (for example, a
> user, or program)."

just my 2 cents. the definition in the saml glossary seems restrictive.
i think we do want to include authorizations that refer to the requestor's
properties (like being a member_of_acm, or an airline_frequent_flyer).
in a global distributed scenario, unknown users can present requests and
the access decision may indeed depend on properties they can present by
means of certificates rather than on their identity (there are also
situations in which you want to be able to process requests while
maintaining anonymity of requestors).
Authorizations can more generally grant access rights to a set of subjects
holding some properties.

in this respect i agree with the fact that it is too restrictive to
require user identity.

best
-p


>
> this implies that a subject must exist for a policy to be executed
> since:
>
> 1. an authorization is directly derived from a policy
> 2. the only input for this derivation is the policy (the subject cannot
> come from another source)
> 3. the definition above states that an authorization acts upon a subject


