directory-dev mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: [Triplesec] [AuthZ] Applications and Roles
Date Wed, 24 Oct 2007 22:27:37 GMT
I have some problems with these definitions that I have not had time  
to write up comprehensibly but I would appreciate more discussion  
before we put them on the web site.

I'd like to counter-propose that we use the definitions from the NIST  
paper or better the standard which it has turned into instead.  To me  
they are a lot more self contained and clearer.  For instance, Alex's  
definitions below use the term "principal" which I don't think he's  
defined yet.  I think there's a good chance that terms or definitions  
that have been used by the research community for 10-15 years have  
clearer definitions and fewer conceptual holes or redundancies than  
terms or definitions we come up with even if based on common practice.

NIST paper:
http://csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf

ANSI standard based on this: (I have not read this yet):
http://www.techstreet.com/cgi-bin/detail?product_id=1151353

thanks
david jencks

On Oct 24, 2007, at 2:37 PM, Emmanuel Lecharny wrote:

> Very clear.
>
> Do we have those definitions on the web site, or should we inject them?
>
> On 10/24/07, Alex Karasulu <akarasulu@apache.org> wrote:
>> Applications and Roles
>> ---------------------------------
>>
>> Application designers devise security permissions and roles specific to
>> applications.  These roles represent a set of rights authorizing principals
>> to perform operations or access resources that must be allowed to fulfill a
>> specific coherent function within applications.  These rights to access
>> resources are the permissions.  The set of these permissions, needed for a
>> logical function to be conducted in the application, is a role.
>>
>> To be concise we extract the following glossary definitions:
>>
>> Permission:
>>    A right required by a system or application to authorize principals to
>>    perform a specific operation or access a resource in some manner.
>>
>> Role:
>>    A set of permissions required by a principal to be authorized to fulfill
>>    a logical function within a system or application.
>>
>> Thanks,
>> Alex
>>
>
>
> -- 
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
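Added example (not code from this thread, from Triplesec, or from the NIST paper): a small Python model of the core and hierarchical parts of the RBAC model David points to. It makes the terms in the thread concrete: a permission is an (operation, object) pair, a role is a named entity that permissions are assigned to, a user (the "principal" left undefined above) is assigned roles, a role hierarchy lets a senior role inherit a junior role's permissions, and a session activates a subset of the roles a user may hold, so the user can run with less than everything they are entitled to. The bank roles, users and permissions are constructed for illustration; the class and method names are this example's own, not an API of any project.

```python
"""Core + hierarchical RBAC in the style of the NIST model (Sandhu, Ferraiolo,
Kuhn 2000).  Added illustration for the thread; not Triplesec code."""
from dataclasses import dataclass
from typing import Dict, Iterable, Set, Tuple


@dataclass(frozen=True)
class Permission:
    """A permission is an (operation, object) pair, e.g. ('approve', 'loan')."""
    operation: str
    obj: str


class RBAC:
    def __init__(self) -> None:
        self.users: Set[str] = set()
        self.roles: Set[str] = set()
        self.ua: Dict[str, Set[str]] = {}            # UA: user -> assigned roles
        self.pa: Dict[str, Set[Permission]] = {}     # PA: role -> assigned permissions
        self.juniors: Dict[str, Set[str]] = {}       # RH: senior role -> direct juniors
        self.sessions: Dict[str, Tuple[str, Set[str]]] = {}  # id -> (user, active roles)

    def add_user(self, user: str) -> None:
        self.users.add(user)
        self.ua.setdefault(user, set())

    def add_role(self, role: str) -> None:
        self.roles.add(role)
        self.pa.setdefault(role, set())
        self.juniors.setdefault(role, set())

    def assign_user(self, user: str, role: str) -> None:
        if user not in self.users or role not in self.roles:
            raise KeyError(f"unknown user or role: {user}, {role}")
        self.ua[user].add(role)

    def grant_permission(self, role: str, operation: str, obj: str) -> None:
        self.pa[role].add(Permission(operation, obj))

    def add_inheritance(self, senior: str, junior: str) -> None:
        """senior inherits every permission of junior (and of junior's juniors)."""
        self.juniors[senior].add(junior)

    def authorized_roles(self, role: str) -> Set[str]:
        """The role plus everything below it in the hierarchy (transitive closure)."""
        seen: Set[str] = set()
        stack = [role]
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            stack.extend(self.juniors.get(r, ()))
        return seen

    def authorized_permissions(self, role: str) -> Set[Permission]:
        return set().union(*(self.pa[r] for r in self.authorized_roles(role)))

    def activatable_roles(self, user: str) -> Set[str]:
        """Roles a user may activate: assigned roles and their juniors."""
        return set().union(set(), *(self.authorized_roles(r) for r in self.ua[user]))

    def create_session(self, sid: str, user: str, roles: Iterable[str]) -> None:
        """Activate a subset of the user's roles; refuse anything not authorized."""
        active = set(roles)
        not_allowed = active - self.activatable_roles(user)
        if not_allowed:
            raise PermissionError(f"{user} may not activate {sorted(not_allowed)}")
        self.sessions[sid] = (user, active)

    def check_access(self, sid: str, operation: str, obj: str) -> bool:
        """Granted iff some *active* role of the session holds the permission."""
        _user, active = self.sessions[sid]
        needed = Permission(operation, obj)
        return any(needed in self.authorized_permissions(r) for r in active)


def build_bank() -> RBAC:
    """Constructed sample policy: tellers work accounts, managers also approve loans."""
    rbac = RBAC()
    for u in ("alice", "bob"):
        rbac.add_user(u)
    for r in ("teller", "branch-manager"):
        rbac.add_role(r)
    rbac.grant_permission("teller", "read", "account")
    rbac.grant_permission("teller", "credit", "account")
    rbac.grant_permission("branch-manager", "approve", "loan")
    rbac.add_inheritance("branch-manager", "teller")   # manager >= teller
    rbac.assign_user("alice", "teller")
    rbac.assign_user("bob", "branch-manager")
    return rbac


def demo() -> Dict[str, bool]:
    rbac = build_bank()
    rbac.create_session("bob-full", "bob", ["branch-manager"])
    rbac.create_session("bob-teller-only", "bob", ["teller"])   # least privilege
    rbac.create_session("alice", "alice", ["teller"])
    try:
        rbac.create_session("alice-escalate", "alice", ["branch-manager"])
        escalation_blocked = False
    except PermissionError:
        escalation_blocked = True
    return {
        "bob_approves_loan": rbac.check_access("bob-full", "approve", "loan"),
        "bob_credits_via_rh": rbac.check_access("bob-full", "credit", "account"),
        "bob_teller_session_approves": rbac.check_access("bob-teller-only", "approve", "loan"),
        "alice_approves_loan": rbac.check_access("alice", "approve", "loan"),
        "alice_reads_account": rbac.check_access("alice", "read", "account"),
        "alice_escalation_blocked": escalation_blocked,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two points the code makes that the prose definitions do not: the hierarchy means "the set of permissions a role carries" is the closure over its juniors, not just what was assigned to it directly, and access is decided against the roles a session has activated rather than against everything the user is assigned, which is what lets a manager work as a plain teller without carrying the loan-approval right around.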

