The operation is not represented as an
entity. It’s just an arc (URI) between the PolicyEntity and the Entity to
which permission for the operation is being granted.
=Drummond
From:
higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Jim Sermersheim
Sent: Thursday, June 26, 2008
12:33 PM
To: higgins-dev
<higgins-dev@xxxxxxxxxxx
Subject: [higgins-dev] Re: Revised
access control policy Entity modeling
Why
is the operation represented as an entity? Is it more complex than a
simple URI?
>>> Paul Trevithick <paul@xxxxxxxxxxxxxxxxx> 06/26/08 11:15 AM
>>>
Hi Jim,
After conversations with Drummond, it appears that there is a simpler way to
model the access control semantics of a PolicyEntity. The new proposal is shown
below and attached as a TIFF. Only one of the higgins:subject arcs shown below
would be needed in the simplest case, but I drew both to show both possible
kinds of subjects. As I hope is self-evident, the example below states that
subject E3 and subject E4 are permitted <some kind of operation> (e.g.
higgins:get, higgins:mod, higgins:del) on Entity E1 (that is, any or all
Attributes of E1).
-Paul
