Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "HR Directory Access Control Policy"
(→Notes) |
(→Notes) |
||
| Line 7: | Line 7: | ||
== Notes == | == Notes == | ||
| − | + | Access Control Policy Entity's higgins:operation sub-Attributes (the green arcs above) refer to the ''models'' of the Entity instances, not concrete Entity instances. At first glance it would appear that we'd need to implement Jim's new "expressing Entity models by using other Entities" approach. But since there is no need to dereference the green arcs this no actually the case. | |
| − | + | ||
| + | One problem I [Paul] see with the above is that since Attributes are first class objects in our data model, they may be used by more than one class of Entity. But this is most often not the intended semantic. We want to be able to define which type of Attribute on which class (or its subclass) of Entity (or possibly its sub-part Entity). Teasing this out a bit I see that these dimensions of "resource scoping" should be orthogonal: | ||
| + | ## what Attribute type(s) the Policy is talking about | ||
| + | ## the set of Entities that the Policy is talking about | ||
| + | Either one or the other but not both of the above is optional. But the case that is causing problems here is this HR Directory case where wish to use these two dimensions simultaneously. | ||
==See Also== | ==See Also== | ||
* [[Access Control Use Cases]] - back to use cases | * [[Access Control Use Cases]] - back to use cases | ||
Revision as of 10:29, 9 July 2008
{{#eclipseproject:technology.higgins}}
Notes
Access Control Policy Entity's higgins:operation sub-Attributes (the green arcs above) refer to the models of the Entity instances, not concrete Entity instances. At first glance it would appear that we'd need to implement Jim's new "expressing Entity models by using other Entities" approach. But since there is no need to dereference the green arcs this no actually the case.
One problem I [Paul] see with the above is that since Attributes are first class objects in our data model, they may be used by more than one class of Entity. But this is most often not the intended semantic. We want to be able to define which type of Attribute on which class (or its subclass) of Entity (or possibly its sub-part Entity). Teasing this out a bit I see that these dimensions of "resource scoping" should be orthogonal:
- what Attribute type(s) the Policy is talking about
- the set of Entities that the Policy is talking about
Either one or the other but not both of the above is optional. But the case that is causing problems here is this HR Directory case where wish to use these two dimensions simultaneously.
See Also
- Access Control Use Cases - back to use cases