ebxml-regrep message



Subject: RE: regrep Security


Yep. Good idea. We do not want to immerse ourselves into a sea of roles and,
as you pointed out, make it simple.

I would like to push for extensibility so that one can extend the model - I
have some specific scenarios for complex schemes (of course ;-)) but that
should not be the norm.

cheers

-----Original Message-----
From: Len Gallagher [mailto:LGallagher@nist.gov]
Sent: Monday, October 02, 2000 12:18 PM
To: Krishna Sankar
Cc: ebXML-Regrep
Subject: Re: regrep Security



Krishna,

I think access control should work out relatively smoothly - after Tokyo -
provided that our granularity doesn't get too fine.  We have a notion of
ownership with respect to who should have control over what registry
objects.  In my mind we get:

   The Registration Authority (RA) is the superowner and has system
privileges
   The Submitting Organization (SO) owns everything they submitted
   The SO can Modify anything they submitted provided it doesn't adversely
affect an object submitted by someone else - this can be controlled by how
we define the effect of Registry Services.
   The General Public can't modify anything.
   Other RA's may not be able to modify anything but they may be able to
see things that SO's and the General Public are not generally able to see,
e.g. administrative information.
   etc.

We have at least the following roles to consider:

   General Public - e.g. Web Browsers
   SO's
   RA's from other RegRep installations
   RO's (Responsible organizations) Named as such by SO's when submitting
things.

I'd be very cautious about defining too many other roles, since it could
get very complex very quickly.

-- Len





At 11:43 AM 10/2/00 , Krishna Sankar wrote:
>Hi all,
>
>	Just as a TO DO Item (post Tokyo), does it make sense to provide some sort
>of security mechanisms around the objects in the regrep? My favorite is, of
>course, role based access control (rbac paradigms).
>
>	cheers


**************************************************************
Len Gallagher                             LGallagher@nist.gov
NIST                                      Work: 301-975-3251
Bldg 820  Room 562                        Home: 301-424-1928
Gaithersburg, MD 20899-8970 USA           Fax: 301-948-6213
**************************************************************
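
The ownership rules listed in the message above, written out as a deny-by-default check. This is an added example, not code from the thread or from ebXML RegRep: the class names, the `depends_on` field and the reading of "adversely affect" as "another submitter's object references this one" are assumptions, and the RO role is left out because the thread does not say what it may do.

```python
from dataclasses import dataclass, field
from enum import Enum

class Role(Enum):
    PUBLIC = "general public"
    SO = "submitting organization"
    RA = "registration authority"          # superowner of this registry
    FOREIGN_RA = "RA of another RegRep installation"

@dataclass(frozen=True)
class Principal:
    name: str
    role: Role

@dataclass
class RegistryObject:
    obj_id: str
    owner: str                                      # name of the submitting SO
    depends_on: set = field(default_factory=set)    # ids this object references

class Registry:
    def __init__(self):
        self.objects = {}

    def add(self, obj):
        self.objects[obj.obj_id] = obj

    def _foreign_dependents(self, obj):
        # Assumption: a change "adversely affects" any object of another owner that references obj.
        return [o.obj_id for o in self.objects.values()
                if obj.obj_id in o.depends_on and o.owner != obj.owner]

    def can_read(self, who, obj_id, administrative=False):
        if obj_id not in self.objects:
            return False
        if not administrative:
            return True                    # ordinary content is readable by everyone
        return who.role in (Role.RA, Role.FOREIGN_RA)

    def can_modify(self, who, obj_id):
        obj = self.objects.get(obj_id)
        if obj is None:
            return False                   # unknown object: deny
        if who.role is Role.RA:
            return True                    # superowner with system privileges
        if who.role is Role.SO and who.name == obj.owner:
            return not self._foreign_dependents(obj)
        return False                       # public, foreign RAs, non-owning SOs
```
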


