| Re: [higgins-dev] CUID re-use (was something else) |
|
>>> Greg Byrd <gbyrd@xxxxxxxx> 8/15/06 3:02 PM >>>
>In what scenario is the CUID of an IDigitalSubject used to grant >permissions? Here's a use case which illustrates this, as well as the need to perform a "whoami", re-authenticate, and compare attributes at a sub-value level (we have applications that do this kind of thing all the time).
Assume a DigitalSubject represents a role. That DS has an attribute called "roleMember", and is populated with the CUIDs of other DS's which are members of this role. Now assume an application that a military officer uses to launch missiles. The officer logs into the application with username and password. The application in turn attempts to open the context containing the role using the officer's presented name/pw. If this succeeds, the application performs calls the (not yet agreed upon) "whoami" method to obtain the officer's CUID. The application then re-opens the same context using it's own identity and calls IContext.verifySubjectAttributes() asserting that the officer's CUID is part of the "roleMember" attribute in the role DS. If it is, the officer is allowed to launch missiles.
Other scenarios will follow. The IdAS data model does not include an access control model, so people will have to make up their own. one way of doing access control is to add DS relationships like (my wife has access to my bank account number) where "my wife" is really my wife's CUID.
Jim |