directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: [Triplesec] [AuthZ] Introduction
Date Tue, 30 Oct 2007 21:53:31 GMT
Alex pointed out that it wasn't all that useful when in my previous  
comments I broke all the threads and glommed all of his descriptions  
together.  So I'm re-commenting on the individual definitions.

On Oct 24, 2007, at 10:14 AM, Alex Karasulu wrote:

> Introduction
> -----------------
> This series describes the circumstances resulting in the need for a  
> centralized
> authorization policy management system.  In doing so, it defines a  
> subset of the
> problems that must be solved by Triplesec's Authorization Manager.   
> These problems
> and the various use cases described here resonate the goals of the  
> Apache Triplesec
> Project with respect to authorization policy.
> We're going to talk about applications, identities, permissions,  
> roles, groups, and the
> assignment of roles to individual identities as well as to groups  
> of identities.  This will
> lead us into discussions regarding what these entities are with  
> clear definitions we can
> agree on and use as the nomenclature for this aspect of Triplesec.

My main problems with this is that to me roles and groups are the  
same thing, and that applications aren't really a basic category.   
Alex and I have been discussing whether groups and roles are  
different aspects of the same thing for quite a while and there's  
more discussion elsewhere.  Applications I can discuss in this series  
of emails.

> Let us try to be as exacting as possible when speaking about these  
> concepts and
> defining them eventually for use in a glossary section of our  
> Triplesec documentation.

OK but by asking for me to be exacting.... I get to be pretty picky :-)

david jencks
> Thanks,
> Alex

View raw message