OASIS Mailing List Archives
   Re: [xml-dev] Blended Authentication (AKA "Granular Access Control")


Rich Salz wrote:

> Because the minute they leave a single administrative domain, many of us believe
> that things like authentication, authorization, privacy, and data integrity are
> important.

Understood. As I see it, there are three courses of action:

    1) Do nothing. Execute transactions only via two-phase commit in the homogeneous
network behind the firewall, where the basis of interoperability between processes is
the intimate knowledge they have of each other's workings, realized in the
precisely-specified data structures shared between processes. When it is necessary to
interchange data with or to execute transactions against those outside the firewall,
require that there be in place a known identification mechanism for each such
counterparty and a known gateway mapping of the external form of data to the internal
data structure used for executing transactional processes. Since my original 1998 essay
on this subject, this is what I have called the 'shop' model: to anyone from outside
the firewall and the homogeneous enterprise network it presents a take-it-or-leave-it
gateway, rather like the cash register of a shop. If you want to do business in this
shop, present yourself at the cash register and satisfy the clerk that you meet the
shop's self-declared terms for doing business with it. Since, however, this model may
not be acceptable to other businesses which might consider themselves your peers, if
not greater, then there is the perhaps more palatable possibility of

    2) Create a cartel of like-minded businesses, based upon agreed uses of data
interchanged, from which each party can assure itself that a requester of data has a
need-to-know which the supplier of that data considers legitimate. This is the model
for which Messrs. Chiusano and Cavnar-Johnson are discussing the implementation
logistics of 'X.509 certs, SAML, Kerberos tickets, etc.'

    3) Design web services which are autonomous expert processes each using data for
its own purposes in its own way. In creating data any process renders it in a form
best suited to the expression of its own expertise, without regard for the processes
which might use that data downstream, their expectations of the form that it should
take, nor speculations on what semantics might attach to that data in the execution of
those downstream processes.

> Or would you mind mailing me your PIN?

Don't mind at all. I'll post it right here. 24778. What good does that do you?

Respectfully (and it is with respect that I enjoy the privilege of the ongoing debate
on xml-dev),

Walter Perry

Copyright 2001 XML.org. This site is hosted by OASIS