[OGSA-AUTHZ] Your comments on Func Components

David Chadwick d.w.chadwick at kent.ac.uk
Thu Nov 29 03:50:50 CST 2007


Hi Tom

I am happy to add "used for access control" in the context of our 
document, but not secure manner or trusted source, because this is not 
true in all cases. Part of our model is to make sure that we only use 
trusted attributes because the ones that are asserted may have been done 
insecurely or may not be trusted (see our other definitions). The role 
of the CVS in our model is to make sure that only the secure and trusted 
attributes are filtered out for use, whilst the others are discarded. If 
we define attributes as secure and trusted then there cannot be other 
attributes to be discarded (by definition).  Then there is no point in 
having a CVS; its functionality is redundant.

However, if you are talking from an XACML perspective then your 
definition is OK, since by the time the attributes are received by the 
XACML PDP they are already secure and trusted.

regards

David


Tom Scavo wrote:
> On 11/28/07, David Chadwick <d.w.chadwick at kent.ac.uk> wrote:
>> iii) I have added a definition of attribute "Attribute is a property of
>> an entity". Nice and simple, and all encompassing :-)
> 
> I think this defines what might be called "metadata."  Recently, we
> defined "attribute" as follows:
> 
> An attribute is information asserted in a secure manner by a trusted
> source, used for access control.
> 
> I think the key is "used for access control."  This is what
> distinguishes attributes from other kinds of data.
> 
> Tom
> 

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
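
The filtering role described for the CVS in the message above, sketched as an added example that is not part of the original message or the working group's document: asserted attributes are checked against a trust policy, and only those that pass are handed to the PDP. Assumptions: the issuer names, keys, policy layout and function names are constructed for illustration, and an HMAC stands in for whatever signature validation a real CVS performs.

```python
import hashlib
import hmac

# Constructed trust policy (assumption): per issuer, the key used to check its
# assertions and the attribute names it is trusted to assert.
TRUST_POLICY = {
    "idp.example.org": {"key": b"constructed-key-1", "may_assert": {"role", "affiliation"}},
    "vo.example.org": {"key": b"constructed-key-2", "may_assert": {"vo-membership"}},
}

def mac_for(key, issuer, subject, name, value):
    """HMAC over the assertion fields; a stand-in for real signature validation."""
    msg = "\x1f".join((issuer, subject, name, value)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def validate_credentials(assertions, policy=TRUST_POLICY):
    """Split asserted attributes into those passed to the PDP and those discarded."""
    valid, discarded = [], []
    for a in assertions:
        entry = policy.get(a["issuer"])
        if entry is None:
            discarded.append((a["issuer"], a["name"], "untrusted issuer"))
        elif a["name"] not in entry["may_assert"]:
            discarded.append((a["issuer"], a["name"], "issuer not trusted for attribute"))
        elif not hmac.compare_digest(
            mac_for(entry["key"], a["issuer"], a["subject"], a["name"], a["value"]),
            a.get("mac", ""),
        ):
            discarded.append((a["issuer"], a["name"], "integrity check failed"))
        else:
            valid.append((a["subject"], a["name"], a["value"]))
    return valid, discarded

def sample_assertions():
    """Constructed input: one acceptable assertion and three that must be discarded."""
    def make(issuer, key, name, value, claimed=None):
        mac = mac_for(key, issuer, "alice", name, value)
        return {"issuer": issuer, "subject": "alice", "name": name,
                "value": claimed or value, "mac": mac}
    k1, k2 = (TRUST_POLICY[i]["key"] for i in ("idp.example.org", "vo.example.org"))
    return [
        make("idp.example.org", k1, "role", "researcher"),
        make("vo.example.org", k2, "role", "admin"),            # wrong issuer for "role"
        make("self.example.net", b"own-key", "role", "admin"),  # unknown issuer
        make("idp.example.org", k1, "affiliation", "student", claimed="staff"),  # altered
    ]

if __name__ == "__main__":
    ok, dropped = validate_credentials(sample_assertions())
    print("to PDP:", ok)
    print("discarded:", dropped)
```

Under the broader definition of "attribute", all four sample assertions are attributes; only the first reaches the PDP, which is the distinction the CVS exists to enforce.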

