[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [higgins-dev] Re: Revised access control policy Entity modeling
|
E1 is the resource that's being protected.
E3 and E4 are given permission to perform <operation> on E1.
Markus
On Fri, Jun 27, 2008 at 3:03 AM, Jim Sermersheim <
jimse@xxxxxxxxxx> wrote:
Now I'm more confused. Is E1 a resource being protected, or an Entity being given a permission?
When I re-read the example, it looks like you're allowing E3 and E4 to perform <operation> on E1.
Is that right, or is E1 being granted permission to perform the <operation>?
>>> "Drummond Reed" <drummond.reed@xxxxxxxxxxxx> 06/26/08 4:33 PM >>>
The operation is not represented as an entity. It's just an arc (URI) between the PolicyEntity and the Entity to which permission for the operation is being granted.
Why is the operation represented as an entity? Is it more complex than a simple URI?
>>> Paul Trevithick <paul@xxxxxxxxxxxxxxxxx> 06/26/08 11:15 AM >>>
Hi Jim,
After conversations with Drummond, it appears that there is a simpler way to model the access control semantics of a PolicyEntity. The new proposal is shown below and attached as a TIFF. Only one of the higgins:subject arcs shown below would be needed in the simplest case, but I drew both to show both possible kinds of subjects. As I hope is self-evident, the example below states that subject E3 and subject E4 are permitted <some kind of operation> (e.g. higgins:get, higgins:mod, higgins:del) on Entity E1 (that is, any or all Attributes of E1).
-Paul
_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev