Subject: RE: Addition to interim requirements
From: Philip Hallam-Baker (pba@verisign.com)
Date: Jan 29, 2001 2:39:14 pm
List: org.oasis-open.lists.security-core

Another set of 'requirements' to add are the ability to withdraw credentials (time out / revocation)

[R-Limitation] Ability to limit the scope of a credential.

[R-Revoke] Ability to revoke a credential after issue.

Now I don't think we necessarily want to provide the architecture to support them BUT they are potential requirements and we should probably say we don't support if we don't support...

I will issue an updated doc sometime this week based on all submissions to the list.

I think we are making progress here, the real tricky part will be normalizing the nomenclature and terms which we will have to come round to soon. We will end up with several pieces of data that can be sent / received and have to give them names (credential/entitlement/whatever). Problem being that all the best terms tend to be 'loaded' - capabilities, rights, permissions for example.

Phill

-----Original Message-----
From: Edwards, Nigel [mailto:Nige@hp.com]
Sent: Monday, January 29, 2001 9:29 AM
To: 'secu@lists.oasis-open.org'
Subject: Addition to interim requirements

I'd like to propose another "interim requirement" for the assertion group.

[R-AuthorityScoping] Support for scoping for what assertions an authority is trusted

For example, I might want to allow a third party to issue assertions granting POST access to part of my web server (but not the whole web server). Another example would be to allow a third party to issue assertions granting access to a subset of the operations available in a particular (CORBA) interface.
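
A relying-party check that combines [R-AuthorityScoping] with the expiry and revocation asked for above, as an added example that is not part of the original thread. The `Assertion` structure, the policy table, the issuer name and the revoked id are hypothetical and constructed for illustration; they are not taken from any SAML schema.

```python
import posixpath
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass(frozen=True)
class Assertion:              # hypothetical shape, not a SAML schema
    id: str
    issuer: str
    method: str               # HTTP method the assertion grants
    resource: str             # URL path the assertion grants access to
    not_after: int            # expiry, seconds since the epoch


# Relying party's policy: what each authority is trusted to assert.
# Constructed sample: the third party may grant POST under /uploads/ only.
AUTHORITY_SCOPE = {"partner.example": [("POST", "/uploads/")]}
REVOKED_IDS = {"a-17"}        # constructed revocation list


def canonical_path(resource: str) -> str:
    """Decode once and normalise, so '..' or '%2e%2e' cannot escape a prefix.

    Assumes the web server also percent-decodes exactly once.
    """
    path = unquote(resource)
    # lstrip avoids normpath preserving a leading '//' (POSIX special case).
    return posixpath.normpath("/" + path.lstrip("/"))


def check(a: Assertion, now: int) -> str:
    """Return 'ok' or the reason the assertion is rejected."""
    if a.id in REVOKED_IDS:
        return "revoked"
    if now > a.not_after:
        return "expired"
    path = canonical_path(a.resource)
    for method, prefix in AUTHORITY_SCOPE.get(a.issuer, []):
        # Appending '/' makes '/uploads' match but '/uploadsX' not.
        if a.method == method and (path + "/").startswith(prefix):
            return "ok"
    # Unknown issuers have an empty scope, so they fail closed here.
    return "outside authority scope"
```
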