[AuthZ] AuthZ Glossary in Public comment

Markus Lorch mlorch at vt.edu
Fri Nov 19 14:36:02 CST 2004


Richard,

thanks for your comments. Unless I hear otherwise I will resolve
them as follows

> 
> Some terms are not defined which, given their relevance to the area of
> security, I assume that they would/should be. 

For the following three terms I came up with a possible definition
(see below) but was reluctant to put them into the document as they
are mainly about the much broader area of security than what authorization
itself covers. 

> 
> Accounting

- The process of retaining data about system usage, e.g., for billing
purposes.

> Auditing

- Auditing of authorization information typically refers to the process of
evaluating system records to establish what entity has made use of the
system and to what extent. Auditing of an authorization system may also
refer to a review of system mechanisms and policies, e.g. to establish a
level of confidence in a system.

> Authentication - (various associated terms are given authentication
   - the process of establishing an entity's identity
   

I do not feel that we should add the following terms as they seem even more
out of the scope of an "authorization glossary":
> Confidentiality
> Data integrity
> Logging
> Privacy

> ...also how about 
> Obligation

I added the following obligation definition to the document:

"An (authorization) obligation is an instruction from a PDP to an entity
requesting an authorization decision. The instruction may specify an
operation that must be performed in conjunction with the enforcement of the
authorization decision that corresponds to the authorization request."

Plus I added references to XACML and PONDER on this topic.

> A couple of definitions I'm not sure about.
> 
> "Service" - not sure I like this definition (and there is a 
> problem with
> definition dependencies, "service: the component that 
> mediates access to
> a 'resource'" where a 'resource' is defined as "component 
> that provides
> or hosts 'services'").

I agree the service definition relies heavily on the scope
of this document i.e., service = authorization service. 

I thus changed the separate service definition to refer to the
Authorization Service definition in the document. We do not attempt
to define the service term in the general sense.

> 
> "Trust" - why does this include taking actions? Should it not be
> 
> "The willingness to accept the risk associated with assertions made by
> other parties"

This request is in line with a comment that Jim Basney made via gridforge.
I accept Jim's version: 

"The willingness to accept the risk associated with actions based on 
assertions by other parties."

> 
> 
> A few minor typos
> Page 3 section "Attribute"  - ", .e.g., " drop the "."
> 
> References 
> LDAP - should be "Lightweight Directory Access Protocol"
> 
> 
> My $0.02c.
> Rich
> 
> -----Original Message-----
> From: owner-authz-wg at gridforum.org 
> [mailto:owner-authz-wg at gridforum.org]
> On Behalf Of Olle Mulmo
> Sent: 17 November 2004 15:34
> To: 'Markus Lorch'; authz-wg at gridforum.org
> Subject: RE: [AuthZ] AuthZ Glossary in Public comment
> 
> 
> Please note that the authors themselves are encouraged to provide
> comments during this process, as an indication that they have
> actually read the (whole) document and agree with it.
> 
> /Olle
> 
> -----Original Message-----
> From: owner-authz-wg at gridforum.org 
> [mailto:owner-authz-wg at gridforum.org]
> On Behalf Of Markus Lorch
> Sent: Friday, November 12, 2004 12:47
> To: authz-wg at gridforum.org
> Subject: [AuthZ] AuthZ Glossary in Public comment
> 
> Hi All,
> 
> our Authorization Glossary is currently undergoing the public comment
> period. I would like to ask interested parties to read through the
> glossary document and post comments to gridforge? Even if you completely
> agree and request no changes please create a gridforge comment stating
> your agreement.
> 
> The intent of the document is to capture the general meaning of the set
> of terms typically used in grid authorization discussions. This will be
> your last chance to request a change to the definition of authorization
> terms in this document.
> 
> You can get to the document from here:
> http://www.ggf.org/Public_Comment_Docs/Public_Comment_Documents.htm
> 
> Thanks much
> 
> Markus
> 
> ----------------------------------------------------------------
> Markus Lorch                     
> Department of Computer Science         	Phone: +1 540 231 5914
> Virginia Tech, m/c 106                    Fax:	 +1 540 231 6075
> Blacksburg, VA 24061, U.S.A.     http://people.cs.vt.edu/~mlorch
> 
> 
