[WG-UMA] How multiple protections on a resource could work

Maciej Machulak m.p.machulak at newcastle.ac.uk
Thu Feb 4 10:25:17 EST 2010


Paul,

Comment with regards to point 2) and 3). Should the host have all access management systems listed within a single XRD and rely on requester to follow each one (possibly using disparate protocols)? Or should the Host reveal an access management system one by one (i.e. give the XRD to requester, eventually decision is obtained, give the XRD to requester, ...and so forth). The motivation for this question is related to boolean expressions. Should those be exposed to the Requester? Should the Requester know the logic behind access control decision making on the Host side (i.e. which AMs are "more important" than others).

Cheers,
Maciej
________________________________
From: wg-uma-bounces at kantarainitiative.org [wg-uma-bounces at kantarainitiative.org] On Behalf Of Paul C. Bryan [email at pbryan.net]
Sent: 04 February 2010 07:54
To: WG UMA
Subject: [WG-UMA] How multiple protections on a resource could work

Hi UMAians:

I have addressed my UMA action item 2010-01-28-3 (propose in email how multiple protections on a resource could work) in the following page:

How multiple protections on a resource could work<http://kantarainitiative.org/confluence/display/~pbryan/How+multiple+protections+on+a+resource+could+work>

Discussion welcome.

Paul


More information about the WG-UMA mailing list