directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ole Ersoy <ole_er...@yahoo.com>
Subject Re: [Triplesec] Permissions, Roles and Groups
Date Tue, 30 Jan 2007 15:27:32 GMT
Another cool thing about having a SDO DAS is that EMF
works very well with Biz Rules.  See:

http://www.eclipse.org/articles/Article-Rule Modeling
With EMF/article.html

We're starting the design discussions around it on the
Tuscany dev list if anyone is interested.

 
--- Stephane Bailliez <sbailliez@gmail.com> wrote:

> 
> 
> Ersin Er wrote:
> >> > These can be extended to the following
> entities:
> >> >
> >> > Policies
> >> >  Subjects
> >> >  Rules
> >> >  Conditions
> >>
> >> Where is this from? Is this SUN's commercialized
> names for things they
> >> have in their access control manager?
> > 
> > Well, these are not only SUN's terminology but
> generic entity
> > descriptors that needs to be provided by a
> powerful access control
> > system.
> > 
> > What we call Users and Roles in Triplesec can be
> extended to the term 
> > Subject.
> > 
> > We don't have anything like Rules, although we
> must have. We just use
> > abstract strings as David said. But this is not
> for controlling access
> > but for storing abstract permission information.
> > 
> > And Conditions are still a required property.
> Beyond selecting the
> > subjects and resources, we may need to satisfy
> more conditions like
> > Authentication Level, IP Address, LDAP Filter,
> Time etc.
> > 
> > These all are also proposed by NIST spec and
> XACML.
> 
> Good point.
> 
> A permission could indeed be temporal or subject to
> other bizrules.
> 
> 
> -- stephane
> 
> 



 
____________________________________________________________________________________
Looking for earth-friendly autos? 
Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
http://autos.yahoo.com/green_center/

Mime
View raw message