OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] BTG sequence diagram

Hi Paul,

I think we are basically in agreement at this point. I agree that there can
be as many btg attrs as necessary. There is a similar notion of consent
that users can apply to their own data, which is also fine grained in the
sense that consent can be specific users can see the consenter's data.

Both these concepts were demo'd in the RSA 2008 Interop, based on
the requirements and recommended techniques provided by the
VHA people: David S, Mike D, and Duane. We didn't have an actual
GlassMgr, but it was implicitly there.


On 4/22/2011 9:49 PM, Paul Tyson wrote:
>> On Fri, 2011-04-22 at 16:32 -0700, Bill Parducci wrote:
>> So Rich, in this scenario you are treating the BTG priv attribute as a Resource? If not, what does "permit" refer to?
>> thanks
>> b
>> On Apr 22, 2011, at 4:25 PM, rich levinson wrote:
>>> 	• The PEP in front of GlassMgr asks the PDP if this User is authorized to activate
>>> his BTG priv.
>>> 	• The PDP says yes, the User, according to Policy is authorized to perform this
>>> action (activate the User's BTG priv), and returns Permit.
> I had in mind a generic "BTG state", which I guess would be an
> environment attribute.  The user invokes a method of the GlassManager
> like "breakGlass()".  Upon finding that the user is authorized to
> execute this action, the GlassManager executes this method to set the
> environment attribute, btg-state, to "true".
> In an earlier email I asked for clarification on what, exactly, the
> glass protected: a person, a class of persons, a resource, a group of
> resources, or some combination of these?
> I guess generically you could have a boolean btg-state attribute for
> every action, resource, and subject (as well as an environment
> btg-state).  Then the user would invoke a method like "breakGlass('Bart
> Simpson')" to unprotect Bart Simpson's records.  The PIP would ask for
> the btg-state attribute pertaining to Bart's records.
> This is another area that needs to be clarified in David's BTG proposal.
> Regards,
> --Paul

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]