Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [higgins-dev] Re: Revised access control policy Entity modeling

The operation is not represented as an entity. It’s just an arc (URI) between the PolicyEntity and the Entity to which permission for the operation is being granted.

=Drummond

From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Jim Sermersheim
Sent: Thursday, June 26, 2008 12:33 PM
To: higgins-dev <higgins-dev@xxxxxxxxxxx
Subject: [higgins-dev] Re: Revised access control policy Entity modeling

 

Why is the operation represented as an entity?  Is it more complex than a simple URI?

>>> Paul Trevithick <paul@xxxxxxxxxxxxxxxxx> 06/26/08 11:15 AM >>>

Hi Jim,

After conversations with Drummond, it appears that there is a simpler way to model the access control semantics of a PolicyEntity. The new proposal is shown below and attached as a TIFF. Only one of the higgins:subject arcs shown below would be needed in the simplest case, but I drew both to show both possible kinds of subjects. As I hope is self-evident, the example below states that subject E3 and subject E4 are permitted <some kind of operation> (e.g. higgins:get, higgins:mod, higgins:del) on Entity E1 (that is, any or all Attributes of E1).

-Paul

Back to the top