
Re: [hrac resources]



>I think I understand what you are saying here, the 'content' of the
>information system is the security metadata or at least a part of the
>security metadata.  Can we imagine security metadata that is not part of
>the 'content'?

There are endless examples: userid, groupid, permissions of Unix files;
access control lists on Windows NT files; access control lists on relational
database objects (SQL supports role based access control on tables, columns,
etc.); the name/value pairs that John Sebes mentioned.

> 1) Are there metadata that have no purpose outside of security?
>  If yes, then HRAC must administer and access such metadata.
>   If no, then fall to 2)

> 2) IS content metadata stored explicitly in system?

The access control mechanisms defined for HRAC presumably will require
certain information associated with users and resources which, in the
context of an access control mechanism, would be called security metadata.
The HRAC ADO determines access based on this information. In an HRAC
implementation, where the ADO gets this information, i.e., from content or
from security metadata kept separate (and maybe redundantly) from content, I
would think would be up to the implementation.

jb

----------------
Broadcast message to hrac-rfp from "jb" <jbarkley@nist.gov>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.