
   Re: [xml-dev] Blended Authentication (AKA "Granular Access Control")


<Quote>
User1 authenticates to A and "delegates" its rights so that A can
present its rights, and the delegated User1 rights to B. 
</Quote>

That works well from the perspective of A (the sender side) because it
asserts that A has the proper claims to access B (this appears to me to
be more of a "push" method). But what if B does not consider A to be a
valid user? How can B enforce this?

Also, what about a more granular level, such as at a WSDL Operation or
Message level?

Kind Regards,
Joe Chiusano
Booz | Allen | Hamilton

Rich Salz wrote:
> >The concept is this: authentication of not only a user for access
> >control to a resource, but a combination of the user *and* a resource -
>
> This is called delegation. System A is an active participant -- it is a
> security entity of its own.  User1 authenticates to A and "delegates"
> its rights so that A can present its rights, and the delegated User1
> rights to B. OSF DCE has rich delegation; COM has limited (IIRC just the
> limited case of full delegation, which is really impersonation); CORBA,
> based on the DCE Security model, is closer to DCE's capabilities.  XACML
> and SAML have many OSF DCE alumni on them, so those standards should
> have enough hooks to support delegation, even if it wasn't explicitly
> part of their baseline specs.
> 
> (I just updated Mozilla; apologies if this comes out as HTML)
>     /r$

Copyright 2001 XML.org. This site is hosted by OASIS