RE: [higgins-dev] AuthZ observation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

RE: [higgins-dev] AuthZ observation

From: "Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx>
Date: Wed, 26 Mar 2008 16:24:17 -0400
Delivered-to: higgins-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/higgins-dev>
List-help: <mailto:higgins-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AciPXQGf0qh2gZUYRLGUoBdmozB/2QAILrhg

Prateek,

Prateek wrote:
> 
> Who is publishing the policy - "UserX has OperationY access to
> ResourceZ"? Is it the owner or custodian of the resource? Or is it
> someone else?

owner/custodian

<snip>
> 
> I guess identifying the different players here would help me understand
> the problem better
> 

Prateek, you may be getting confused by IdAS terminology. When Duane talks
about entities he means data objects managed by IdAS. [These objects are
called "nodes" in Higgins 1.0 and will be renamed "entities" in Higgins
1.1.] So when Duane refers to "ResourceZ" he means EntityZ. Duane's first
bullet is his concerned about the downstream (negative) implications of
allowing EntityZ/ResourceZ to change its "id". 

[My two cents: I thought entityids were immutable. But I'm looking at the
wiki and can't find anywhere where it actually says that!.]

-Paul


> >
> > Duane made this observation:
> >
> >
> > * If AuthZ allows us to express something like "UserX has OperationY
> > access to ResourceZ", then we must disallow renames of entities.
> >
> > ** Otherwise, if the "UserX" or "ResourceZ" entities are renamed, we
> > have a problem where the AuthZ is disconnected.
> >
> > *** Worse, if UserX is removed, and another one added, they will be
> > unwittingly granted access.
> >
> >
> > This is especially true if we allow the AuthZ to be managed by a
> > layered CP, because the underlying Context might be directly accessed
> > to perform a rename, leaving the upper "authZ CP" unaware of the fact
> > that it has a disconnected authZ statement.
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > higgins-dev mailing list
> > higgins-dev@xxxxxxxxxxx
> > https://dev.eclipse.org/mailman/listinfo/higgins-dev
> >
> 
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev

References:
- [higgins-dev] AuthZ observation
  - From: Jim Sermersheim
- Re: [higgins-dev] AuthZ observation
  - From: Prateek Mishra

Prev by Date: Re: [higgins-dev] AuthZ observation
Next by Date: [higgins-dev] Agenda for noon EDT (1600 GMT) higgins call
Previous by thread: Re: [higgins-dev] AuthZ observation
Next by thread: [higgins-dev] Agenda for noon EDT (1600 GMT) higgins call
Index(es):
- Date
- Thread

Breadcrumbs