[OGSA-AUTHZ] Your comments on Func Components

Tom Scavo trscavo at gmail.com
Thu Nov 29 08:20:23 CST 2007


Hi David,

I understand the distinction you're making and I agree.  If you can
work in the phrase "used for access control", I think that would be
sufficient.

Tom

On Nov 29, 2007 4:50 AM, David Chadwick <d.w.chadwick at kent.ac.uk> wrote:
> Hi Tom
>
> I am happy to add "used for access control" in the context of our
> document, but not secure manner or trusted source, because this is not
> true in all cases. Part of our model is to make sure that we only use
> trusted attributes because the ones that are asserted may have been done
> insecurely or may not be trusted (see our other definitions). The role
> of the CVS in our model is to make sure that only the secure and trusted
> attributes are filtered out for use, whilst the others are discarded. If
> we define attributes as secure and trusted then there cannot be other
> attributes to be discarded (by definition).  Then there is no point in
> having a CVS; its functionality is redundant.
>
> However, if you are talking from an XACML perspective then your
> definition is OK, since by the time the attributes are received by the
> XACML PDP they are already secure and trusted.
>
> regards
>
> David
>
>
>
> Tom Scavo wrote:
> > On 11/28/07, David Chadwick <d.w.chadwick at kent.ac.uk> wrote:
> >> iii) I have added a definition of attribute "Attribute is a property of
> >> an entity". Nice and simple, and all encompassing :-)
> >
> > I think this defines what might be called "metadata."  Recently, we
> > defined "attribute" as follows:
> >
> > An attribute is information asserted in a secure manner by a trusted
> > source, used for access control.
> >
> > I think the key is "used for access control."  This is what
> > distinguishes attributes from other kinds of data.
> >
> > Tom
> >
>
>
> --
>
> *****************************************************************
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
> Skype Name: davidwchadwick
> Tel: +44 1227 82 3221
> Fax +44 1227 762 811
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick at kent.ac.uk
> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
>
> *****************************************************************
>
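
The filtering step described above for the CVS, as an added example that is not part of the original thread or of the OGSA-AUTHZ documents: asserted attributes are checked for integrity and for issuer trust, and only the survivors are passed on to the PDP. The issuer names, keys, HMAC-based assertion format and function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed trust policy (assumption): issuer keys and who may assert what.
ISSUER_KEYS = {"hr.example.org": b"hr-demo-key", "lab.example.org": b"lab-demo-key"}
TRUSTED_FOR = {"role": {"hr.example.org"}, "project": {"lab.example.org"}}


def sign(issuer_key, subject, name, value):
    """Issuer side: bind subject, attribute name and value under the issuer key."""
    msg = "\x1f".join((subject, name, value)).encode()
    return hmac.new(issuer_key, msg, hashlib.sha256).hexdigest()


def validate_credentials(subject, asserted):
    """Hypothetical CVS step: split asserted attributes into (valid, discarded)."""
    valid, discarded = [], []
    for a in asserted:
        key = ISSUER_KEYS.get(a["issuer"])
        if key is None:
            discarded.append((a, "unknown issuer"))
        elif a["issuer"] not in TRUSTED_FOR.get(a["name"], set()):
            discarded.append((a, "issuer not trusted for this attribute"))
        elif not hmac.compare_digest(sign(key, subject, a["name"], a["value"]), a["mac"]):
            discarded.append((a, "integrity check failed"))
        else:
            valid.append((a["name"], a["value"]))
    return valid, discarded


def sample_assertions(subject="alice"):
    """Constructed input: one good assertion and three that must be discarded."""
    hr, lab = ISSUER_KEYS["hr.example.org"], ISSUER_KEYS["lab.example.org"]
    return [
        {"issuer": "hr.example.org", "name": "role", "value": "staff",
         "mac": sign(hr, subject, "role", "staff")},
        # Properly signed, but the lab is not a trusted source for roles.
        {"issuer": "lab.example.org", "name": "role", "value": "admin",
         "mac": sign(lab, subject, "role", "admin")},
        # Trusted source, but the value was altered after signing.
        {"issuer": "lab.example.org", "name": "project", "value": "grid-b",
         "mac": sign(lab, subject, "project", "grid-a")},
        {"issuer": "self", "name": "role", "value": "admin", "mac": ""},
    ]


if __name__ == "__main__":
    for outcome in validate_credentials("alice", sample_assertions()):
        print(outcome)
```

If "attribute" were defined as already secure and trusted, the `discarded` list could never be non-empty, which is the redundancy argument made in the quoted message.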

