[Wg-uma] Newcomer questions, please be patient...

Holodnik, Tom Tom_Holodnik at intuit.com
Thu Sep 24 08:21:57 PDT 2009


Folks,

 

I'll admit to being a newbie to the group and still catching up with the
body of work to date.  I'd like to review the scenarios a bit more, but
had a couple of comments that perhaps you could help me with... 

 

I had thought of certain aspects of the scenarios a little differently.
It's possible that a Calendar application could have very different
access policies and terms of use requirements for different markets.
The same underlying calendar logic can be applied  for a car repair shop
with service bays, an office building with conference rooms, or a
medical office with examination rooms.  

 

-          There's nothing really confidential about the work being done
within a service bay at a car repair shop.  

-          There may be confidential materials associated with one
conference room for one meeting at some time.  

-          Everything should be confidential about what goes on within
an examination room at a clinic.  

 

One approach would be to design and implement for the medical case, and
then "dumb down" to suit the car repair scenarios.  It would be nice to
be able to start with the simple cases and "wise up" to the medical case
in an orderly way. In most cases today, each of the three applications
is a separate product, marketed differently, and built differently. In
most cases, the access controls and protections on content (like
encryption in storage) are hardwired.

 

In each case, we would prefer to logically connect some representation
of user access preferences with the container-based access controls
available within the application.  This way, the differences between the
3 classes of applications might be a difference in configuration and not
a difference in code.  The ideal would be for the user to select the
configuration that best suits their market and requirements. 

 

Does this match the high-level view of what UMA is intending to
accomplish?  Sorry if I'm re-treading old ground. 

 

Thanks,

-tom

 

Tom Holodnik | Corporate Information Security | Intuit |Office:
650-944-5494 | Cellular: 650-387-6574

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-uma_kantarainitiative.org/attachments/20090924/8ce8f412/attachment-0001.html>


More information about the Wg-uma mailing list