Skip to main content

Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

Access Control Teleconf 20080509

Notes from 20080509 Teleconf

Attending: Jim, Brian, Mary, Paul, Drummond, Markus, Valery, Bruce, David, Tony, others I missed?

Agenda:

Notes:

  • Looking at Policy-Entities.pdf
    • Paul intended this to be a simple proposal and to show how it might help Parity do something they're working on.
  • Tony: Bootstrap issue
    • What's the policy on the policy
      • need to make sure we can make policy statements that refer to policy statements
    • In a new ctx, what are the default policies?
      • Who has rights to create the first policy objects?
  • David: Where are the enforcement points?
    • Jim: The CP must ensure (whether it has to do it, or the backing store does it)
    • Paul: Agree
    • David: If there's an external enforcement engine, I have other questions.
    • Paul: There is the option of fronting one CP with another one.
      • In this way, one CP could perform the work of policy management and enforcement. This CP could be stacked in front of another CP that doesn't do this enforcement.
  • David: Can the accessing Entity be in another CP?
    • example: cp entities are entries in a database, but the authenticating identity does not exist in the context.
    • Subject ID must come from somewhere
      • CP can derive it from authN materials
        • an authenticated user can be mapped to a subject id
          • In some cases, the mapping is to an entity within the context
          • In other cases, some other subject id will result
  • AuthZ Subject IDs need to be flexible
    • need to be able to specify roles, groups
      • example: allow anyone from my facebook friends to do X
    • Drummond suggests using UDI for AuthZ subjectID
  • What about referential integrity?
    • The CP must be required to ensure authZ subjectID is not re-assignable
      • In some cases, (i.e. when the authZID is provided by another ctx), it's up to the other ctx.
  • No contention regarding the notion of using an access control policy entity
  • Next meeting topics:
    • How to perform interrogations like "can bob edit alice's phone number?"
    • David has some others surrounding the policy object.
    • Will we be capable of making negative (deny) statements?

Back to the top