cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Britton, Colin" <>
Subject RE: [RT] Access Control (was [RT] Cocoon as OS)
Date Mon, 04 Feb 2002 13:44:17 GMT

> To conclude: I belive that a request URI based AC system have 
> clear advantages compared to pipeline based AC, and that it 
> could be added to Cocoon without effecting the contracts at 
> all. I also think that the "correct" way of handling security 
> is a resource based system, and that a such would need to 
> affect the inner workings of Cocoon.
> Comment, ideas?

Have you looked at SAML

<SNIP src="from spec">
The Security Assertion Markup Language (SAML) is an XML-based framework
for exchanging security information. This security information is
expressed in the form of assertions about subjects, 
where a subject is an entity (either human or computer) that has an
identity in some security 
domain. A typical example of a subject is a person, identified by his or
her email address in a 
particular Internet domain[PHB2]. 

Assertions can convey information about authentication acts performed by
subjects, attributes of 
subjects, and authorization decisions about whether subjects are allowed
to access certain 
resources. Assertions are represented as XML constructs and have a
nested structure, whereby a 
single assertion might contain several different internal statements
about authentication, 
authorization, and attributes. Note that authentication assertions
merely describe acts of 
authentication that happened previously; checking and revoking of
credentials is outside the scope 
of this version of SAML[PHB3]. 

To unsubscribe, e-mail:
For additional commands, email:

View raw message