Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 5498 invoked from network); 24 Oct 2007 21:38:32 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 24 Oct 2007 21:38:32 -0000 Received: (qmail 20632 invoked by uid 500); 24 Oct 2007 21:38:19 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 20598 invoked by uid 500); 24 Oct 2007 21:38:19 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 20587 invoked by uid 99); 24 Oct 2007 21:38:19 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Oct 2007 14:38:19 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of elecharny@gmail.com designates 66.249.82.235 as permitted sender) Received: from [66.249.82.235] (HELO wx-out-0506.google.com) (66.249.82.235) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Oct 2007 21:38:21 +0000 Received: by wx-out-0506.google.com with SMTP id s8so293444wxc for ; Wed, 24 Oct 2007 14:38:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=TyhVtbEBePHZo+fyg+9WXR/rpDTunDIhA7yLFuvqH2Y=; b=Cwd+13f6bmBd3xdzKCVOleyIxMNHd90J/eIyvTy+PG8iI+D9XI73JYJJnThzj8NbUcb+bKNw32H/QasCXrPFy/WrbgFf6SUQGyJqbqFwIwJLzBN1OIT4JPRf7FUM61pRMQNYsvAzNcR1ckOTDqZf//5eeF7bY//NlwtaDrRZNK8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=j7/G4SMHMRcrAeb3vBtH1qiuYXmP12cegzZb4Aii7w+KIE7oPY964+/qDsWXmzMPMhS1M+pY4++5zF88hmqNEuYnp7wQsPUhiSri62iyNHiCl8ANr61yTWbAeyVKkIILCF5+0ciPyz9EDHM10OqxiSTV24idX5vQ4934XPl0R3M= Received: by 10.90.106.11 with SMTP id e11mr843890agc.1193261879888; Wed, 24 Oct 2007 14:37:59 -0700 (PDT) Received: by 10.90.65.7 with HTTP; Wed, 24 Oct 2007 14:37:59 -0700 (PDT) Message-ID: Date: Wed, 24 Oct 2007 23:37:59 +0200 From: "Emmanuel Lecharny" Reply-To: elecharny@iktek.com To: "Apache Directory Developers List" Subject: Re: [Triplesec] [AuthZ] Applications and Roles In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: X-Virus-Checked: Checked by ClamAV on apache.org Very clear. Do we have those definitions on the web site, or should we inject them ? On 10/24/07, Alex Karasulu wrote: > Applications and Roles > --------------------------------- > > Application designers devise security permissions and roles specific to > applications. These > roles represent a set of rights authorizing principals to perform operati= ons > or access resources > that must be allowed to fulfill a specific coherent function within > applications. These rights to > access resources are the permissions. The set of these permissions, need= ed > for a logical > function to be conducted in the application, is a role. > > To be concise we extract the following glossary definitions: > > Permission: > A right required by a system or application to authorize principals to > perform a > specific operation or access a resource in some manner. > > Role: > A set of permissions required by a principal to be authorized to fulfi= ll > a logical function > within a system or application. > > Thanks, > Alex > --=20 Regards, Cordialement, Emmanuel L=E9charny www.iktek.com