[WG-UMA] How multiple protections on a resource could work

Maciej Machulak m.p.machulak at newcastle.ac.uk
Thu Feb 4 11:28:47 EST 2010


I do agree with that, as well.

Just one more comment/clarification - what I meant by revealing an access management system one by one (calling it 'one by one' was actually not proper) is that the requester only gets to know all the necessary AM systems (either one after another or all listed within a single descriptor). However, the Requester never gets to know the rules behind satisfying all AM related requirements - it may obtain authorization from all AMs but the Host would still use only one (in case of OR expression) to derive the ultimate decision. This particular configuration would lack efficiency but I can imagine that there are scenarios where it could be applicable. The Requester would follow the same pattern for obtaining authz and the Host could change its config as necessary without revealing it.

Cheers,
Maciej

________________________________________
From: wg-uma-bounces at kantarainitiative.org [wg-uma-bounces at kantarainitiative.org] On Behalf Of Paul C. Bryan [email at pbryan.net]
Sent: 04 February 2010 16:03
To: WG UMA
Subject: Re: [WG-UMA] How multiple protections on a resource could work

+1

On Thu, 2010-02-04 at 07:54 -0800, Eve Maler wrote:
> Ah, that was going to be my question.  Are we in the position of having to dictate, or give guidelines about, metadata expressions of multiple protections?  It sounds like you're saying no, this is just an extensibility point, and if someone wants to make their own modular spec around this for interop purposes, they can.
>
>       Eve
>
> On 4 Feb 2010, at 7:42 AM, Paul C. Bryan wrote:
>
> > On Thu, 2010-02-04 at 15:25 +0000, Maciej Machulak wrote:
> >> Paul,
> >>
> >> Comment with regards to point 2) and 3). Should the host have all
> >> access management systems listed within a single XRD and rely on
> >> requester to follow each one (possibly using disparate protocols)? Or
> >> should the Host reveal an access management system one by one (i.e.
> >> give the XRD to requester, eventually decision is obtained, give the
> >> XRD to requester, ...and so forth).
> >
> > I think this has to be left up to the host, and be largely subject to
> > the threats and risks associated with providing access to resources.
> >
> > The host may want hoops it wants requesters to jump-through (e.g. its
> > own mandatory access control systems) before it will considers the
> > condition secure enough to even reveal how to obtain discretionary
> > authorization from the user. Other hosts may simply not care and expose
> > them all.
> >
> >> The motivation for this question is related to boolean expressions.
> >
> > I'm pretty sure that doling-out authorization prerequisites one-by-one
> > will not achieve the equivalent of logical expressions, especially in
> > the case of OR.
> >
> >> Should those be exposed to the Requester?
> >
> > I don't think we can prevent multiple protections, but I'm also thinking
> > there's no strong driver for us to explicitly support it. With the
> > loose-coupling of resource descriptors, there's a lot of latitude, so I
> > don't think we're painting ourselves in any corner.
> >
> > If/when there is a strong case to be made for multiple protections, I
> > think that's the appropriate time for us to get more rigorous.
> >
> >> Should the Requester know the logic behind access control decision
> >> making on the Host side (i.e. which AMs are "more important" than
> >> others).
> >
> > I'd say no. Or at least I think it goes too far for us to try to address
> > such expressions at this time.
> >
> > Paul
> >
> >>
> >> Cheers,
> >> Maciej
> >> ________________________________
> >> From: wg-uma-bounces at kantarainitiative.org
> >> [wg-uma-bounces at kantarainitiative.org] On Behalf Of Paul C. Bryan
> >> [email at pbryan.net]
> >> Sent: 04 February 2010 07:54
> >> To: WG UMA
> >> Subject: [WG-UMA] How multiple protections on a resource could work
> >>
> >> Hi UMAians:
> >>
> >> I have addressed my UMA action item 2010-01-28-3 (propose in email how
> >> multiple protections on a resource could work) in the following page:
> >>
> >> How multiple protections on a resource could
> >> work<http://kantarainitiative.org/confluence/display/~pbryan/How
> >> +multiple+protections+on+a+resource+could+work>
> >>
> >> Discussion welcome.
> >>
> >> Paul
> >
> >
> > _______________________________________________
> > WG-UMA mailing list
> > WG-UMA at kantarainitiative.org
> > http://kantarainitiative.org/mailman/listinfo/wg-uma
>
>
> Eve Maler
> eve at xmlgrrl.com
> http://www.xmlgrrl.com/blog
>


_______________________________________________
WG-UMA mailing list
WG-UMA at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma


More information about the WG-UMA mailing list