Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Access Control Teleconf 20080509"
| Line 22: | Line 22: | ||
** Paul intended this to be a simple proposal and to show how it might help Parity do something they're working on. | ** Paul intended this to be a simple proposal and to show how it might help Parity do something they're working on. | ||
* Tony: Bootstrap issue | * Tony: Bootstrap issue | ||
| − | ** | + | ** What's the policy on the policy |
| − | *** need to make sure we can make policy statements | + | *** need to make sure we can make policy statements that refer to policy statements |
| + | ** In a new ctx, what are the default policies? | ||
| + | *** Who has rights to create the first policy objects? | ||
* David: Where are the enforcement points? | * David: Where are the enforcement points? | ||
** Jim: The CP must ensure (whether it has to do it, or the backing store does it) | ** Jim: The CP must ensure (whether it has to do it, or the backing store does it) | ||
** Paul: Agree | ** Paul: Agree | ||
** David: If there's an external enforcement engine, I have other questions. | ** David: If there's an external enforcement engine, I have other questions. | ||
| − | ** Paul: There is the option of fronting | + | ** Paul: There is the option of fronting one CP with another one. |
| + | *** In this way, one CP could perform the work of policy management and enforcement. This CP could be stacked in front of another CP that doesn't do this enforcement. | ||
* David: Can the accessing Entity be in another CP? | * David: Can the accessing Entity be in another CP? | ||
** example: cp entities are entries in a database, but the authenticating identity does not exist in the context. | ** example: cp entities are entries in a database, but the authenticating identity does not exist in the context. | ||
| Line 34: | Line 37: | ||
*** CP can derive it from authN materials | *** CP can derive it from authN materials | ||
**** an authenticated user can be mapped to a subject id | **** an authenticated user can be mapped to a subject id | ||
| + | ***** In some cases, the mapping is to an entity within the context | ||
| + | ***** In other cases, some other subject id will result | ||
* AuthZ Subject IDs need to be flexible | * AuthZ Subject IDs need to be flexible | ||
** need to be able to specify roles, groups | ** need to be able to specify roles, groups | ||
| Line 45: | Line 50: | ||
** How to perform interrogations like "can bob edit alice's phone number?" | ** How to perform interrogations like "can bob edit alice's phone number?" | ||
** David has some others surrounding the policy object. | ** David has some others surrounding the policy object. | ||
| + | ** Will these be capable of negative (deny) statements? | ||
Revision as of 11:24, 9 May 2008
Notes from 20080509 Teleconf
Attending: Jim, Brian, Mary, Paul, Drummond, Markus, Valery, Bruce, David, Tony, others I missed?
Agenda:
Notes:
- Looking at Policy-Entities.pdf
- Paul intended this to be a simple proposal and to show how it might help Parity do something they're working on.
- Tony: Bootstrap issue
- What's the policy on the policy
- need to make sure we can make policy statements that refer to policy statements
- In a new ctx, what are the default policies?
- Who has rights to create the first policy objects?
- What's the policy on the policy
- David: Where are the enforcement points?
- Jim: The CP must ensure (whether it has to do it, or the backing store does it)
- Paul: Agree
- David: If there's an external enforcement engine, I have other questions.
- Paul: There is the option of fronting one CP with another one.
- In this way, one CP could perform the work of policy management and enforcement. This CP could be stacked in front of another CP that doesn't do this enforcement.
- David: Can the accessing Entity be in another CP?
- example: cp entities are entries in a database, but the authenticating identity does not exist in the context.
- Subject ID must come from somewhere
- CP can derive it from authN materials
- an authenticated user can be mapped to a subject id
- In some cases, the mapping is to an entity within the context
- In other cases, some other subject id will result
- an authenticated user can be mapped to a subject id
- CP can derive it from authN materials
- AuthZ Subject IDs need to be flexible
- need to be able to specify roles, groups
- example: allow anyone from my facebook friends to do X
- Drummond suggests using UDI for AuthZ subjectID
- need to be able to specify roles, groups
- What about referential integrity?
- The CP must be required to ensure authZ subjectID is not re-assignable
- In some cases, (i.e. when the authZID is provided by another ctx), it's up to the other ctx.
- The CP must be required to ensure authZ subjectID is not re-assignable
- No contention regarding the notion of using an access control policy entity
- Next meeting topics:
- How to perform interrogations like "can bob edit alice's phone number?"
- David has some others surrounding the policy object.
- Will these be capable of negative (deny) statements?