OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only
Back to discussions
Expand all | Collapse all

Re: [xacml] Observation on J2SE context proposal (fwd)

  • 1.  Re: [xacml] Observation on J2SE context proposal (fwd)

    Posted 06-03-2002 10:04 
     MHonArc v2.5.2 -->

















    xacml message
    







    [Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [Elist Home]
    


    







    Subject: Re: [xacml] Observation on J2SE context proposal (fwd)
    







    



    

---------- Forwarded message ----------
Date: Mon, 3 Jun 2002 09:46:03 -0400 (EDT)
From: Polar Humenn <polar@syr.edu>
To: Michiharu Kudoh <KUDO@jp.ibm.com>
Subject: Re: [xacml] Observation on J2SE context proposal


I also have some comments on the ContextPrincipal proposal.

At the very outset, I see that we are quickly going toward the notion of a
"ComplexPrincipal".

I would rather see ONE principal, and that principal be structured
appropriately by the way the security software (PEP?) sees the principal
that is the subject of the access decision request.

I can see the need of having multiple principals, i.e.  CodeSource and
Subject, etc. but these are not "principal types" they are "roles" played
by simple or complex principals.

The principal calculus denotes such things as "P as R", where P is a
(possibly complex) principal, and R is a role, (or a simple principal).

You may, for example, have principal Gates be the subject of the access
decision, however, he is running code signed by both Sun and Microsoft.

This complex principal would look like:

((Sun 'and' Microsoft) 'as' CodeSource) 'quotes' Gates)

So, instead of having a mismash of principals in the Context, of which the
policy engine must guess what is happening at the PEP, the security
software on the PEP prepares the request setting up the structured
princpal appropriately.

Also, for the record, and I will keep on saying this, as I have said
before, I believe that the "RequestingUser" or "Requestor" has the wrong
connotation in this situation. Formally, in the PDP context, the
"requestor" should be the thing asking the access decision question, which
has NOTHING to do with the "subject" of the access decision request. I
believe the actual "requestor" in this situation,(i.e. the PEP?), is out
of scope of the policy itself.

Cheers,
-Polar





    





    






    


    [Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [Elist Home]
    


    
  

    


    







    Powered by eList eXpress LLC


Related Content