[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

my due items

To: hrac-rfp@cs.fiu.edu
Subject: my due items
From: Konstantin Beznosov <beznosov@baptisthealth.net>
Date: Thu, 15 Oct 1998 15:20:40 -0400 (EDT)
Reply-To: Konstantin Beznosov <beznosov@baptisthealth.net>
Sender: owner-hrac-rfp@cs.fiu.edu

Carol,

The following are my due items for the submission text:

1. A sentence that introduces the issues in the section:

"The problems described in this section are not yet addressed by the current
submission. The submission team is intended to address some of them in the
future revisions of the proposed specification"


2. Additional wording in the section 2.1

"In the proposed design, authorization logic is encapsulated into an external
to the application authorization service. In order to perform an
application-level access control, an application requires an authorization
decision from such a service and enforces that decision. A simplified schema is
depicted in Figure 1 (file high-level-schema.jpg attached). The sequence of the
interaction, illustrated by Figure 1, is as follows:

1. An application client invokes an operation on the interface provided by
 the target object. The invocation is translated by the ORB into a request
message. This corresponds to step 1 in the figure.

2. The target object's ORB receives the request and translates it into
invocation of the appropriate operation on the target object.

3. While processing the invocation, the target object requires an authorization
 decision from the ADO by invoking a corresponding operation on the object. The
invocation, as in previous case, is translated to a request by the target
object ORB. Step 2 in the figure.

4. The request is translated back into invocation of the appropriate operation
on the ADO.

5. The ADO completes the invocation and the reply is translated by the ORB into
return from the invocation performed in 3. This corresponds to step 3 in the
figure.

6. The target object, after receiving an authorization decision, enforces it.
If access was granted by the ADO, the target object returns expected results of
the invocation. Otherwise, it either returns partial results or raises an
exception. Step 4 in the figure.

7. The client receives either results of the invocation or an exception.

More detailed description of the design can be found in Section 2.5"



3. Also, I'm browsing through the submission and find that section "Outstanding
Issues" would be better read if it was at the very end of section 2. Comments?

I think those two items are all what I'm supposed to provide by today. Carol,
let me know if you want anything else from me or any help with the submission.

Konstantin

high-lelvel-schema.jpg

Follow-Ups:
- Re: my due items
  - From: Carol Burt <cburt@2ab.com>

Prev by Date: Re: Minutes: HRAC Submitters conference call October 15, 1998
Next by Date: Changes to Use Case Appendix
Prev by thread: Initial submission 10/15 1 PM edition
Next by thread: Re: my due items
Index(es):
- Date
- Thread