Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [higgins-dev] AuthZ observation

Who is publishing the policy - "UserX has OperationY access to ResourceZ"? Is it the owner or custodian of the resource? Or is it someone else?

And how is the UserX "known" to the policy publishing entity? Might this take the form of "Authority Y states this is Joe". If Authority Y is a well-behaved auth engine, shouldnt it guarantee that names arent re-used?

I guess identifying the different players here would help me understand the problem better

- prateek

Duane made this observation:


* If AuthZ allows us to express something like "UserX has OperationY access to ResourceZ", then we must disallow renames of entities.

** Otherwise, if the "UserX" or "ResourceZ" entities are renamed, we have a problem where the AuthZ is disconnected.

*** Worse, if UserX is removed, and another one added, they will be unwittingly granted access.


This is especially true if we allow the AuthZ to be managed by a layered CP, because the underlying Context might be directly accessed to perform a rename, leaving the upper "authZ CP" unaware of the fact that it has a disconnected authZ statement.

------------------------------------------------------------------------

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev



Back to the top