Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [higgins-dev] Re: Revised access control policy Entity modeling

Now I'm more confused.  Is E1 a resource being protected, or an Entity being given a permission?  


When I re-read the example, it looks like you're allowing E3 and E4 to perform <operation> on E1.  


Is that right, or is E1 being granted permission to perform the <operation>?

>>> "Drummond Reed" <drummond.reed@xxxxxxxxxxxx> 06/26/08 4:33 PM >>>


The operation is not represented as an entity. It’s just an arc (URI) between the PolicyEntity and the Entity to which permission for the operation is being granted.


=Drummond


From:

higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx]

On Behalf Of

Jim Sermersheim

Sent:

Thursday, June 26, 2008 12:33 PM

To:

higgins-dev <higgins-dev@xxxxxxxxxxx

Subject:

[higgins-dev] Re: Revised access control policy Entity modeling


 


Why is the operation represented as an entity?  Is it more complex than a simple URI?



>>> Paul Trevithick <paul@xxxxxxxxxxxxxxxxx> 06/26/08 11:15 AM >>>


Hi Jim,

After conversations with Drummond, it appears that there is a simpler way to model the access control semantics of a PolicyEntity. The new proposal is shown below and attached as a TIFF. Only one of the higgins:subject arcs shown below would be needed in the simplest case, but I drew both to show both possible kinds of subjects. As I hope is self-evident, the example below states that subject E3 and subject E4 are permitted <some kind of operation> (e.g. higgins:get, higgins:mod, higgins:del) on Entity E1 (that is, any or all Attributes of E1).

-Paul

Back to the top