>That works well from the perspective of A (the sender side) because it
>asserts that A has the proper claims to access B (this appears to me to
>be more of a "push" method). But what if B does not consider A to be a
>valid user? How can B enforce this?
>
>
In delegation, the invoker credentials become a *chain of delegation*,
so that B sees A's rights, and User1's rights. B gets enough
information to know that A is operating on behalf of User1. (Again, the
degenerate case is impersonation, where B only "sees" User1.)
B could enforce that A never appear in the delegation chain, although
from a security perspective this probably doesn't make sense.
>Also, what about a more granular level, such as at a WSDL Operation or
>Message level?
>
I don't think XACML (e.g.) has defined WSDL extensions to allow you to
specify "require rights" on an operation. There's currently some
tension between XACML and WS-something-or-other as to whether or not
XACML should be "the" access control language. ...
/r$
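The delegation-chain versus impersonation distinction in the reply above, modelled as an added example (not code from the thread or from any XACML/WS-* implementation). The principal names, the rights table and the "intersect rights along the chain" rule are assumptions made here for illustration.

```python
"""Toy model of service B authorizing a call that arrives through a
delegation chain, compared with plain impersonation. All names, rights
and the policy rule are constructed for illustration (hypothetical)."""
from typing import FrozenSet, Sequence

# Constructed rights table for B: principal -> operations it may invoke directly.
RIGHTS = {
    "User1": frozenset({"getOrder", "cancelOrder"}),
    "A": frozenset({"getOrder"}),          # intermediary service A
    "Mallory": frozenset(),                # a service B does not trust at all
}


def effective_rights(chain: Sequence[str]) -> FrozenSet[str]:
    """Rights B grants to a call whose credential chain is `chain`
    (originator first, nearest caller last). Policy assumed here: an
    intermediary may not amplify the originator's rights, so the effective
    set is the intersection over every principal in the chain. An unknown
    principal contributes the empty set, which denies everything."""
    result = None
    for principal in chain:
        rights = RIGHTS.get(principal, frozenset())
        result = rights if result is None else result & rights
    return result if result is not None else frozenset()


def authorize(operation: str, chain: Sequence[str],
              banned: FrozenSet[str] = frozenset()) -> bool:
    """B's decision. `banned` lets B refuse any chain containing a given
    delegate (the "A must never appear in the chain" rule from the thread)."""
    if not chain or banned.intersection(chain):
        return False
    return operation in effective_rights(chain)


def as_impersonation(chain: Sequence[str]) -> Sequence[str]:
    """The degenerate case: B only sees the originator, so the identities
    (and rights) of the intermediaries are lost before B can evaluate them."""
    return list(chain[:1])


if __name__ == "__main__":
    delegated = ["User1", "A"]
    print(authorize("getOrder", delegated))                         # True
    print(authorize("cancelOrder", delegated))                      # False: A alone may not cancel
    print(authorize("cancelOrder", as_impersonation(delegated)))    # True: B cannot tell A is involved
    print(authorize("getOrder", ["User1", "Mallory"]))              # False: untrusted intermediary
    print(authorize("getOrder", delegated, banned=frozenset({"A"})))  # False: A barred from chains
```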