ebxml-regrep message

OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

Subject: RE: regrep Security

I would suggest that we refer to Part 1 regarding the Actor Relationships to
detail any type of roles.

-----Original Message-----
From: Len Gallagher [mailto:LGallagher@nist.gov]
Sent: Monday, October 02, 2000 2:18 PM
To: Krishna Sankar
Cc: ebXML-Regrep
Subject: Re: regrep Security


I think access control should work out relatively smoothly - after Tokyo -
provided that our granularity doesn't get too fine.  We have a notion of
ownership with respect to who should have control over what registry
objects.  In my mind we get:

   The Registration Authority (RA) is the superowner and has system
   The Submitting Organization (SO) owns everything they submitted
   The SO can Modify anything they submitted provided it doesn't adversely
affect an object submitted by someone else - this can be controlled by how
we define the effect of Registry Services.
   The General Public can't modify anything.
   Other RA's may not be able to modify anything but they may be able to
see things that SO's and the General Public are not generally able to see,
e.g. administrative information.

We have at least the following roles to consider:

   General Public - e.g. Web Browsers
   RA's from other RegRep installations
   RO's (Responsible organizations) Named as such by SO's when submitting

I'd be very cautious about defining too many other roles, since it could
get very complex very quickly.

-- Len

At 11:43 AM 10/2/00 , Krishna Sankar wrote:
>Hi all,
>	Just as a TO DO Item (post Tokyo), does it make sense to provide
some sort
>of security mechanisms around the objects in the regrep ? My favorite is of
>course, role based access control (rbac paradigms).
>	cheers

Len Gallagher                             LGallagher@nist.gov
NIST                                      Work: 301-975-3251
Bldg 820  Room 562                        Home: 301-424-1928
Gaithersburg, MD 20899-8970 USA           Fax: 301-948-6213

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC