Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Access Control in IdAS"
(→Notes) |
(→Proposals) |
||
Line 2: | Line 2: | ||
== Proposals == | == Proposals == | ||
+ | # Allow Service Endpoint to create Policy Enforcement Points above IdAS | ||
+ | # Create a CP which is the Policy Enforcement Point | ||
+ | # Put the Policy Enforcement Point in each CP | ||
+ | # Define a Access Control type/syntax in IdAS, expose to IdAS consumsers | ||
== Resources == | == Resources == |
Revision as of 14:30, 30 January 2008
Contents
Use Cases
Proposals
- Allow Service Endpoint to create Policy Enforcement Points above IdAS
- Create a CP which is the Policy Enforcement Point
- Put the Policy Enforcement Point in each CP
- Define a Access Control type/syntax in IdAS, expose to IdAS consumsers
Resources
Notes
AuthZ can be done in different places (Paul has a picture):
- In the backing data store
- In each CP
- In an "authZ" chaining CP
- In front of IdAS