Another set of 'requirements' to add are the ability to withdraw credentials
(time out / revocation)
[R-Limitation] Ability to limit the scope of a credential.
[R-Revoke] Ability to revoke a credential after issue.
Now I don't think we necessarily want to provide the architecture to support
them BUT they are potential requirements and we should probably say we don't
support if we don't support...
I will issue an updated doc sometime this week based on all submissions to
I think we are making progress here, the real tricky part will be
normalizing the nomenclature and terms which we will have to come round to
soon. We will end up with several pieces of data that can be sent / received
and have to give them names (credential/entitlement/whatever). Problem
being that all the best terms tend to be 'loaded' - capabilities, rights,
permissions for example.
From: Edwards, Nigel [mailto:Nige...@hp.com]
Sent: Monday, January 29, 2001 9:29 AM
Subject: Addition to interim requirements
I'd like to propose another "interim requirement" for the assertion
[R-AuthorityScoping] Support for scoping for what assertions an
authority is trusted
For example, I might want to allow a third party to issue assertions
granting POST access to part of my web server (but not the whole web
server). Another example would be to allow a third party to issue
assertions granting access to a subset of the operations available in
a particular (CORBA) interface.