directory-dev mailing list archives

From David Jencks <>
Subject Re: [Triplesec] [AuthZ] Applications and Roles
Date Wed, 24 Oct 2007 22:27:37 GMT
I have some problems with these definitions that I have not had time  
to write up comprehensibly but I would appreciate more discussion  
before we put them on the web site.

I'd like to counter-propose that we use the definitions from the NIST  
paper or better the standard which it has turned into instead.  To me  
they are a lot more self contained and clearer.  For instance, Alex's  
definitions below use the term "principal" which I don't think he's  
defined yet.  I think there's a good chance that terms or definitions  
that have been used by the research community for 10-15 years have  
clearer definitions and fewer conceptual holes or redundancies than  
terms or definitions we come up with even if based on common practice.

NIST paper:

ANSI standard based on this: (I have not read this yet):

david jencks

On Oct 24, 2007, at 2:37 PM, Emmanuel Lecharny wrote:

> Very clear.
> Do we have those definitions on the web site, or should we inject them?
> On 10/24/07, Alex Karasulu <> wrote:
>> Applications and Roles
>> ---------------------------------
>> Application designers devise security permissions and roles specific to applications.  These roles represent a set of rights authorizing principals to perform operations or access resources that must be allowed to fulfill a specific coherent function within applications.  These rights to access resources are the permissions.  The set of these permissions, needed for a logical function to be conducted in the application, is a role.
>>
>> To be concise we extract the following glossary definitions:
>>
>> Permission:
>>    A right required by a system or application to authorize principals to perform a specific operation or access a resource in some manner.
>>
>> Role:
>>    A set of permissions required by a principal to be authorized to fulfill a logical function within a system or application.
>>
>> Thanks,
>> Alex
> -- 
> Regards,
> Cordialement,
> Emmanuel Lécharny
