[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Issues] and tomorrow conference call
Please find attached a list of outstanding issues in PDF and text
formats.
I compiled the list after the mail list messages.
I suggest to identify other issues and their priorities during the
tomorrow conference call (it's already on the agenda).
--
Konstantin
Outstanding
HRAC RFP Submission: Outstanding Issues
Title Resource Identifier Structure
ID 9
Should be addressed in Initial
Description What syntax and semantics should the resource identifier have?
Date Issued 8/10/98
Depends on Issues 8
Pointed by Carol Burt
Related Refs [hrac resources] thread in the submission team mail list + minutes from July 30
meeting of the submitting team
Title Resource Security Metadata
ID 8
Should be addressed in Initial
Description I can see the following 3 ways to obtain resource security metadata (I use words
"metadata" and "data" to mean the same type of data unless specified otherwise):
1. Pass only resource id to the ADO. In order to obtain the data the ADO is supposed to
go elsewhere and use resource id to find the data.
2. Pass only resource id to the ADO and use it as a carrier of the data. Where as,
a. data syntax and semantics of the data are predefined and assumed.
b. data syntax is not assumed. Data is represented by parsable tag-like structures.
Semantics of data is predefined elsewhere.
c. syntax and semantics of data are defined elsewhere and a reference to those
definitions is passed along the data itself.
Each way has pros and cons. What one (or more than one) should be used in this
submission?
Date Issued 8/10/98
Depends on Issues No dependencies
Pointed by Konstantin Beznosov
Related Refs [hrac resources] thread in the mail list of the submitting team
Monday, August 10, 1998 Page 1 of 4
Title Consistent Terminology
ID 7
Should be addressed in Initial
Description Can we define some consistent Terminology?
Date Issued 8/10/98
Depends on Issues No dependencies
Pointed by Carol Burt
Related Refs msg00039.html
Title Access Control
ID 1
Should be addressed in Initial
Description 1. What is the model/mechanism?
2. Is the model/mechanism fixed or extensible? If extensible, how so?
3. Does the rules of the model/mechanism use resource content as security metadata?
Date Issued 8/10/98
Depends on Issues 8, 9
Pointed by John Barkley
Related Refs
Title Quality of Protection as an authorization decision factor
ID 6
Should be addressed in Revised
Description Should current quality of protection policy information in ADO client be used as a
factor in authorization decisions as principal credentials are?
Date Issued 8/10/98
Depends on Issues No dependencies
Pointed by Konstantin Beznosov
Related Refs msg00055.html -- msg00057.html
Monday, August 10, 1998 Page 2 of 4
Title Locality constrainness of ADO
ID 5
Should be addressed in Revised
Description Should an Access Decision Object to be locality constrained?
Date Issued 8/10/98
Depends on Issues No dependencies
Pointed by Konstantin Beznosov
Related Refs
Title exception(s) raised by multiple_action_access_allowed() method in ADO interface
ID 4
Should be addressed in Final
Description From her message: "Should access decision methods throw exceptions at all... an audit
log should have this info... but not the client... seems it should be a binary
decision."
Derived from a conference call discussion:
How would a programmer use an exception returned by multiple_action_access_allowed()
method?
Is not it better return any problem indications in the returned sequence instead of
raising an exception?
Date Issued 8/10/98
Depends on Issues 2
Pointed by Carol Burt
Related Refs
Monday, August 10, 1998 Page 3 of 4
Title ADO interfaces Exceptions
ID 2
Should be addressed in Final
Description What exceptions should be raised by ADO's methods?
Should it be the matter of a policy whether ADO raises an exception when something goes
wrong ot silently denies access to a resource?
Three possible directions are identified:
1. Methods raise no exceptions
2. Methods raise exceptions
a. Methods raise only system exceptions (like NO_PERMISSION, BAD_PARAM,
NOT_IMPLEMENT)
b. Methods raise system and application exceptions,
Date Issued 8/11/98
Depends on Issues
Pointed by Konstantin Beznosov
Related Refs mail list archive messages # msg00040.html, msg00054.html
Monday, August 10, 1998 Page 4 of 4