update list of issues
Attached is the list of outstanding issues with today's update from Bob
Burt.
--
Konstantin
Outstanding
HRAC RFP Submission: Outstanding Issues
Title Understanding of application functionality or data
ID 10
Should be addressed in Initial
Description Should HRAC understand application data/functionality?
Date Issued 8/11/98
Depends on Issues No dependencies
Pointed by Bob Burt
Related Refs msg00108.html
Title Consistent Terminology
ID 7
Should be addressed in Initial
Description Can we define some consistent Terminology?
Date Issued 8/10/98
Depends on Issues No dependencies
Pointed by Carol Burt
Related Refs msg00039.html
Tuesday, August 11, 1998 Page 1 of 7
Title Access Control
ID 1
Should be addressed in Initial
Description 1. What is the model/mechanism?
2. Is the model/mechanism fixed or extensible? If extensible, how so?
3. Do the rules of the model/mechanism use resource content as security metadata?
Date Issued 8/10/98
Depends on Issues 8, 9
Pointed by John Barkley
Related Refs
Title Resource Identifier Structure
ID 9
Should be addressed in Initial
Description What syntax and semantics should the resource identifier have?
Date Issued 8/10/98
Depends on Issues 8
Pointed by Carol Burt
Related Refs [hrac resources] thread in the submission team mail list + minutes from July 30
meeting of the submitting team
Title Goals for Initial submission
ID 17
Should be addressed in Initial
Description What else is needed for an initial submission?
Date Issued 8/11/98
Depends on Issues 10-16
Pointed by Bob Burt
Related Refs msg00108.html
Title Definition of "Resource"
ID 11
Should be addressed in Initial
Description What is a resource?
Date Issued 8/11/98
Depends on Issues No dependencies
Pointed by Bob Burt
Related Refs msg00108.html
Title Definition of "Resource Name"
ID 12
Should be addressed in Initial
Description What is a resource name?
Date Issued 8/11/98
Depends on Issues 11
Pointed by Bob Burt
Related Refs msg00108.html
Title Definition of "Resource Metadata"
ID 13
Should be addressed in Initial
Description What is resource metadata?
Date Issued 8/11/98
Depends on Issues 11
Pointed by Bob Burt
Related Refs msg00108.html
Title Information passed to the decision maker logic
ID 14
Should be addressed in Initial
Description What information does an application pass to the decision maker logic?
Date Issued 8/11/98
Depends on Issues No dependencies
Pointed by Bob Burt
Related Refs msg00108.html
Title Operation Format
ID 15
Should be addressed in Initial
Description What is the format of an operation?
Date Issued 8/11/98
Depends on Issues 14
Pointed by Bob Burt
Related Refs msg00108.html
Title Authorization rule specification
ID 16
Should be addressed in Initial
Description How are rules specified?
Date Issued 8/11/98
Depends on Issues No dependencies
Pointed by Bob Burt
Related Refs msg00108.html
Title Resource Security Metadata
ID 8
Should be addressed in Initial
Description I can see the following 3 ways to obtain resource security metadata (I use words
"metadata" and "data" to mean the same type of data unless specified otherwise):
1. Pass only resource id to the ADO. In order to obtain the data the ADO is supposed to
go elsewhere and use resource id to find the data.
2. Pass only resource id to the ADO and use it as a carrier of the data. Where as,
a. data syntax and semantics of the data are predefined and assumed.
b. data syntax is not assumed. Data is represented by parsable tag-like structures.
Semantics of data is predefined elsewhere.
c. syntax and semantics of data are defined elsewhere and a reference to those
definitions is passed along the data itself.
Each way has pros and cons. Which one (or more than one) should be used in this
submission?
Date Issued 8/10/98
Depends on Issues No dependencies
Pointed by Konstantin Beznosov
Related Refs [hrac resources] thread in the mail list of the submitting team
Title Quality of Protection as an authorization decision factor
ID 6
Should be addressed in Revised
Description Should current quality of protection policy information in ADO client be used as a
factor in authorization decisions as principal credentials are?
Date Issued 8/10/98
Depends on Issues No dependencies
Pointed by Konstantin Beznosov
Related Refs msg00055.html -- msg00057.html
Title Locality constrainedness of ADO
ID 5
Should be addressed in Revised
Description Should an Access Decision Object be locality constrained?
Date Issued 8/10/98
Depends on Issues No dependencies
Pointed by Konstantin Beznosov
Related Refs
Title Exception(s) raised by multiple_action_access_allowed() method in ADO interface
ID 4
Should be addressed in Final
Description From her message: "Should access decision methods throw exceptions at all... an audit
log should have this info... but not the client... seems it should be a binary
decision."
Derived from a conference call discussion:
How would a programmer use an exception returned by multiple_action_access_allowed()
method?
Is it not better to return any problem indications in the returned sequence instead of
raising an exception?
Date Issued 8/10/98
Depends on Issues 2
Pointed by Carol Burt
Related Refs
Title ADO interfaces Exceptions
ID 2
Should be addressed in Final
Description What exceptions should be raised by ADO's methods?
Should it be a matter of policy whether the ADO raises an exception when something goes
wrong or silently denies access to a resource?
Three possible directions are identified:
1. Methods raise no exceptions
2. Methods raise exceptions
a. Methods raise only system exceptions (like NO_PERMISSION, BAD_PARAM,
NOT_IMPLEMENT)
b. Methods raise system and application exceptions,
Date Issued 8/11/98
Depends on Issues
Pointed by Konstantin Beznosov
Related Refs mail list archive messages # msg00040.html, msg00054.html