[WG-UMA] How multiple protections on a resource could work
Paul C. Bryan
email at pbryan.net
Thu Feb 4 11:03:38 EST 2010
On Thu, 2010-02-04 at 07:54 -0800, Eve Maler wrote:
> Ah, that was going to be my question. Are we in the position of having to dictate, or give guidelines about, metadata expressions of multiple protections? It sounds like you're saying no, this is just an extensibility point, and if someone wants to make their own modular spec around this for interop purposes, they can.
> On 4 Feb 2010, at 7:42 AM, Paul C. Bryan wrote:
> > On Thu, 2010-02-04 at 15:25 +0000, Maciej Machulak wrote:
> >> Paul,
> >> Comment with regards to point 2) and 3). Should the host have all
> >> access management systems listed within a single XRD and rely on
> >> requester to follow each one (possibly using disparate protocols)? Or
> >> should the Host reveal an access management system one by one (i.e.
> >> give the XRD to requester, eventually decision is obtained, give the
> >> XRD to requester, ...and so forth).
> > I think this has to be left up to the host, and be largely subject to
> > the threats and risks associated with providing access to resources.
> > The host may want hoops it wants requesters to jump-through (e.g. its
> > own mandatory access control systems) before it will considers the
> > condition secure enough to even reveal how to obtain discretionary
> > authorization from the user. Other hosts may simply not care and expose
> > them all.
> >> The motivation for this question is related to boolean expressions.
> > I'm pretty sure that doling-out authorization prerequisites one-by-one
> > will not achieve the equivalent of logical expressions, especially in
> > the case of OR.
> >> Should those be exposed to the Requester?
> > I don't think we can prevent multiple protections, but I'm also thinking
> > there's no strong driver for us to explicitly support it. With the
> > loose-coupling of resource descriptors, there's a lot of latitude, so I
> > don't think we're painting ourselves in any corner.
> > If/when there is a strong case to be made for multiple protections, I
> > think that's the appropriate time for us to get more rigorous.
> >> Should the Requester know the logic behind access control decision
> >> making on the Host side (i.e. which AMs are "more important" than
> >> others).
> > I'd say no. Or at least I think it goes too far for us to try to address
> > such expressions at this time.
> > Paul
> >> Cheers,
> >> Maciej
> >> ________________________________
> >> From: wg-uma-bounces at kantarainitiative.org
> >> [wg-uma-bounces at kantarainitiative.org] On Behalf Of Paul C. Bryan
> >> [email at pbryan.net]
> >> Sent: 04 February 2010 07:54
> >> To: WG UMA
> >> Subject: [WG-UMA] How multiple protections on a resource could work
> >> Hi UMAians:
> >> I have addressed my UMA action item 2010-01-28-3 (propose in email how
> >> multiple protections on a resource could work) in the following page:
> >> How multiple protections on a resource could
> >> work<http://kantarainitiative.org/confluence/display/~pbryan/How
> >> +multiple+protections+on+a+resource+could+work>
> >> Discussion welcome.
> >> Paul
> > _______________________________________________
> > WG-UMA mailing list
> > WG-UMA at kantarainitiative.org
> > http://kantarainitiative.org/mailman/listinfo/wg-uma
> Eve Maler
> eve at xmlgrrl.com
More information about the WG-UMA