Subject: RE: [xacml] Risk adaptive vs BTG
I think Paul has expressed my intent better than I did. I do see BTG as a specific instance of a more general category of use cases (perhaps not unlike the XSPA demo I saw at OASIS IdM last fall).

David, I do like the second formulation of BTG (using obligations) better.

I suppose I would suggest a broader discussion of how the TC would like to address this category of work over the long term.

-----Original Message-----
From: Tyson, Paul H [mailto:PTyson@bellhelicopter.textron.com]
Sent: Friday, February 11, 2011 11:48 AM
To: xacml
Subject: RE: [xacml] Risk adaptive vs BTG

I think John was attempting to classify BTG as a special case of something more generic. I agree with this line of investigation (though not necessarily with his suggestion that it is an instance of RAAC).

David's proposal looks like a very particular solution to what might be a more general problem, and if that is true we would arrive at a better standard by analyzing a range of related use cases to abstract the essential elements into a general case.

Regards,
--Paul

> -----Original Message-----
> From: David Chadwick [mailto:d.w.chadwick@kent.ac.uk]
> Sent: Friday, February 11, 2011 13:26
> To: xacml
> Subject: [xacml] Risk adaptive vs BTG
>
> The minutes of the last telecon stated "John Tolbert.. [suggested that
> BTG] may be more appropriately referred to as Risk Adaptive Access
> Control."
>
> I do not agree with this for the following reasons
>
> 1. Risk adaptive access control has mechanisms to both override grants
> and turn them into denies (when the risk is high) and override denies
> and turn them into grants (when the risk is low).
>
> 2. Risk adaptive access control relies on intelligent machine
> components to make the risk decisions and decide whether to reverse
> the PDP's decision.
>
> BTG has neither of the above.
>
> 3. BTG only allows a deny to be turned into a grant
>
> 4. BTG relies on the intelligent authorised user to make the BTG
> override decision at the time of access
>
> Regards
>
> David
>
> *****************************************************************
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> School of Computing, University of Kent, Canterbury, CT2 7NF
> Skype Name: davidwchadwick
> Tel: +44 1227 82 3221
> Fax +44 1227 762 811
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick@kent.ac.uk
> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> Research Web site:
> http://www.cs.kent.ac.uk/research/groups/iss/index.html
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
> *****************************************************************
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php