[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HRAC proposal

To: hrac-rfp@cs.fiu.edu
Subject: Re: HRAC proposal
From: Konstantin Beznosov <beznosov@baptisthealth.net>
Date: Fri, 4 Sep 1998 16:43:23 -0400 (EDT)
In-Reply-To: <5040300019612468000002L082*@MHS>
Reply-To: Konstantin Beznosov <beznosov@baptisthealth.net>
Sender: owner-hrac-rfp@cs.fiu.edu

Bob Blakley and others,

I finally got back to HRAC business after my almost 2 week (great) vacation on
Alaskan glaciers. I'm reading Bob's proposal on ADO and the company.
I have some questions that I'll be able to formulate when I'll go through use
cases. Below I'm discussing obvious questions (their are not in the order of
importance):

1. Is not it more clear and easy to put all provided interfaces in some module
(for example, HRAC) and remove "HRAC" prefix from their names?

2. Why is HRACAccessDecision interface locality constrained?

3. Method "get_effective_rights" already defined in
SecurityAdmin::AccessPolicy. As far as I understand IDL, since HRACAccessPolicy
inherits from SecurityAdmin::AccessPolicy, it can be empty. I.e.
interface HRACAccessPolicy : SecurityAdmin::AccessPolicy {};

4. How are time-based rules evaluated by HRACAccessDecision object in making
authorization decisions? Does HRACAccessRequiredRights return a right that
means allowed time?

Maybe these questions were already discussed in the conf call?

Konstantin
-----------------------------------
Distributed Computing Architect
Baptist Health Systems of South Florida
voice: 305.596.1960 x6469

----------------
Broadcast message to hrac-rfp from Konstantin Beznosov <beznosov@baptisthealth.net>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.

Prev by Date: RE: [Draft] expected FAQ on my draft
Next by Date: Do we have a conference call today?
Prev by thread: RE: [Draft] expected FAQ on my draft
Next by thread: Do we have a conference call today?
Index(es):
- Date
- Thread