directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: [Triplesec] [AuthZ] Introduction
Date Tue, 30 Oct 2007 21:53:31 GMT
Alex pointed out that it wasn't all that useful when in my previous  
comments I broke all the threads and glommed all of his descriptions  
together.  So I'm re-commenting on the individual definitions.

On Oct 24, 2007, at 10:14 AM, Alex Karasulu wrote:

> Introduction
> -----------------
>
> This series describes the circumstances resulting in the need for a  
> centralized
> authorization policy management system.  In doing so, it defines a  
> subset of the
> problems that must be solved by Triplesec's Authorization Manager.   
> These problems
> and the various use cases described here resonate the goals of the  
> Apache Triplesec
> Project with respect to authorization policy.
>
> We're going to talk about applications, identities, permissions,  
> roles, groups, and the
> assignment of roles to individual identities as well as to groups  
> of identities.  This will
> lead us into discussions regarding what these entities are with  
> clear definitions we can
> agree on and use as the nomenclature for this aspect of Triplesec.
>

My main problems with this is that to me roles and groups are the  
same thing, and that applications aren't really a basic category.   
Alex and I have been discussing whether groups and roles are  
different aspects of the same thing for quite a while and there's  
more discussion elsewhere.  Applications I can discuss in this series  
of emails.

> Let us try to be as exacting as possible when speaking about these  
> concepts and
> defining them eventually for use in a glossary section of our  
> Triplesec documentation.

OK but by asking for me to be exacting.... I get to be pretty picky :-)

thanks
david jencks
>
> Thanks,
> Alex


Mime
View raw message