[Wg-uma] Comments on today's conversation

Eve Maler eve at xmlgrrl.com
Thu Aug 27 17:30:56 PDT 2009


Thanks for these very thoughtful comments, and for your patience with  
the telecon system.  (I do think your voice line is uniquely
muffled-sounding compared to others; not sure if this is a handset/headset
issue on your end?)  A few thoughts below:

On 27 Aug 2009, at 11:24 AM, Maciej Machulak wrote:

> Hi all,
>
> First, sincere apologies for not being able to contribute to
> today's conversation. Not only did I have problems with connecting to the
> conf call, but the connection quality turned out to be extremely bad
> as well.
>
> I would like to add or simply comment on a few things that I was able
> to hear during the call :)
>
> 1)
> Eve raised a question about a user delegating access control to  
> multiple AMs (part of resources protected by AM #1, part of resources
> protected by AM #2). I wanted to fully agree with Paul that the  
> ProtectServe protocol does not restrict that. As discussed, this may  
> be a not-so-popular deployment scenario. It is purely implementation  
> specific and depends on how the SP adopts UMA. It will definitely  
> result in much more complex application code.

+1.

>
> I do think that there are certain scenarios which will require an  
> application to be able to use decisions from multiple AMs, as multiple
> entities may be interested in controlling access to the same set of
> resources. This, however, may be achieved through an application
> delegating access to a single AM which will be controlled by
> multiple entities or by an application delegating access control to
> multiple AMs. In both cases, I think that this may be of interest in
> certain cases.

It would be good for us to highlight the most reasonable/likely
real-world circumstances here in one or more scenarios.  I worry about
inherent complexities (I believe you point these out in your paper),  
like: If you get a YES and a NO from two different AMs, what do you  
do?  We'd have to have a really strong motivation in order to solve  
for a several-AMs-per-resource scenario!

> 2)
> Paul mentioned access control policies and how they are used by a  
> User to protect their resources. If I recall correctly, a User would  
> be able to log into an AM and define those policies. AM would need a  
> way of getting the list of resources from an SP.
>
> I think the case in defining access control policies is that a user
> logs into an SP and decides to apply security to a resource by
> clicking an 'Access Control'-like link. Then the application would
> simply communicate the resource (or a set of resources) with its
> supported operations to the AM. It might be up to the application
> how to identify those resources and what the supported
> operations are. A User is then able to compose a policy at the AM side -
> the AM already has all the knowledge necessary for the policy
> composition process (info about the application that hosts this
> resource, a unique ID of this resource, resource's supported
> operations). Policies and the policy composition process are out of
> scope for the protocol. I'm not sure if those things were discussed
> or not (as I mentioned, I had to reconnect a few times) but I think
> that it's important to discuss (1) how operations are passed from SP
> to AM and (2) how an SP can uniquely identify a resource in an
> application-independent way. The second thing may be of particular
> interest if resources are moved between Web applications.

We currently have an out-of-band arrow ("configure policies") at the  
bottom of step 0, and I believe you're pointing out that we would need  
some more in-band protocol stuff here that potentially spans the UA,  
AM, and SP.  If the motivation is solid enough, this seems interesting  
and doable.

I'm not very worried about identifying resources in an
application-independent way, since the Web's method of doing this is pretty robust
(though maybe the level of content-type support in today's Web isn't  
something we can rely on cleverly...?).

I do remain just a little worried that we'll open up a can of worms in  
trying to let SPs teach AMs about policies with deep
application-specific (content-type-specific?) semantics.  Does it make sense to
think of this as an *optional* part of our eventual protocol?  I'm not  
a fan of having lots of options (it complicates Internet-wide  
adoption!), but this may be a sufficiently heavy branch that different  
populations might strongly want or not want to deal with.

> 3) I would like to fully agree with Paul on the issue of users vs  
> services being consumers of resources. It is always an application  
> accessing a resource, be it a service or a user agent (e.g. a Web  
> browser) and there should be a strong separation between our access  
> control approach and authentication.

+1! :)

> Apologies if those things have been discussed or if they deviate  
> from the core discussion. I'd appreciate comments.
>
> Hope to be able to contribute verbally during the next conference  
> call :-)
>
> Kind regards,
> Maciej Machulak

Thanks again,

	Eve

Eve Maler
eve at xmlgrrl.com
http://www.xmlgrrl.com/blog


