OASIS eXtensible Access Control Markup Language (XACML) TC


Re: [xacml] Question about Anonymous Access Subject?


    Posted 10-11-2002 13:55


    Subject: Re: [xacml] Question about Anonymous Access Subject?


    
    A question that we are wrestling with in our logical analysis of the
    security protocols, namely CSIv2, is whether not having a principal is
    really an anonymous principal.
    
    I think we are finding that there is a "default" principal, of which you
    associated a principal with by either configuration (let's say a request
    that comes over a VPN).
    
    Also, you can assert an anonymous principal, which actually states that
    you really do not know who it is. This principal is supremely weaker than
    all other principals.
    
    We might come up with a particular identifier saying "Anonymous", but
    should make sure it isn't used for the "default" case, unless the default
    case is truly anonymous.
    
    In contrast to the default case, we could have a "default" principal id,
    or, we direct the PEP to "fill" the principal in with the default
    principal's id.
    
    -Polar
    
     On Fri, 11 Oct 2002, Hal Lockhart wrote:
    
    > Is there a canonical way to represent an anonymous access subject in the
    > Request Context? This seems to me to be an extremely common case that should
    > be described in the spec. (My preference would be to leave out the access
    > subject entirely, but I see that it is mandatory)
    >
    > Hal
    >
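
The distinction drawn in the message above, between a configured "default" principal and an asserted anonymous principal, sketched as an added example that is not part of the original post or of the XACML specification. The identifiers, the channel table and the function names are hypothetical, and modelling "weaker than all other principals" as a subset of every other subject's grants is one interpretation.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical identifiers (assumptions; the thread defines none).
ANONYMOUS_ID = "urn:example:subject:anonymous"
# Constructed deployment configuration: channel -> default principal.
CHANNEL_DEFAULTS = {"vpn": "urn:example:subject:vpn-default"}


@dataclass(frozen=True)
class Subject:
    subject_id: str
    kind: str  # "authenticated", "default" or "anonymous"


def resolve_subject(authenticated_id: Optional[str], channel: str,
                    defaults=CHANNEL_DEFAULTS) -> Subject:
    """Decide which subject the PEP puts in the request context."""
    if authenticated_id:
        # Reserved ids are assigned by the PEP only, never accepted from a caller.
        if authenticated_id == ANONYMOUS_ID or authenticated_id in defaults.values():
            raise ValueError("reserved subject id presented as an authenticated identity")
        return Subject(authenticated_id, "authenticated")
    if channel in defaults:
        # No principal was presented, but configuration says who this is.
        return Subject(defaults[channel], "default")
    # Nothing is known about the caller: assert anonymity explicitly.
    return Subject(ANONYMOUS_ID, "anonymous")


def permitted(subject: Subject, grants: dict) -> set:
    """Anonymous gets only the anonymous grants; every other subject gets
    those plus its own, so anonymous is never stronger than anyone."""
    allowed = set(grants.get(ANONYMOUS_ID, ()))
    if subject.kind != "anonymous":
        allowed |= set(grants.get(subject.subject_id, ()))
    return allowed


if __name__ == "__main__":
    grants = {ANONYMOUS_ID: {"read-public"},
              "urn:example:subject:vpn-default": {"read-internal"}}
    for auth, chan in [(None, "vpn"), (None, "internet"),
                       ("urn:example:subject:alice", "internet")]:
        s = resolve_subject(auth, chan)
        print(chan, s.kind, s.subject_id, sorted(permitted(s, grants)))
```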
    
    

