[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Blended Authentication (AKA "Granular Access Control")

• To: Chiusano Joseph <chiusano_joseph@b...>
• Subject: Re: Blended Authentication (AKA "Granular Access Control")
• From: Rich Salz <rsalz@d...>
• Date: Wed, 07 May 2003 09:58:05 -0400
• Cc: xml-dev@l...
• In-reply-to: <3EB9048B.87D3964E@b...>
• References: <3EB9048B.87D3964E@b...>
• User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312

>
>
>The concept is this: authentication of not only a user for access
>control to a resource, but a combination of the user *and* a resource -
>

This is called delegation. System A is an active participant -- it is a 
security entity of its own.  User1 authenticates to A and "delegates" 
its rights so that A can present its rights, and the delegated User1 
rights to B. OSF DCE has rich delegation; COM has limited (IIRC just the 
limited case of full delegation, which is really impersonation); Corba, 
based on the DCE Security model, is closer to DCE's capabilities.  XACML 
and SAML have many OSF DCE alumni on them, so those standards should 
have enough hooks to support delegation, even if it wasn't explicitly 
part of their baseline specs.

(I just updated Mozilla; apologies if this comes out at HTML)
    /r$

• Follow-Ups:
  • Re: Blended Authentication (AKA "Granular Access Control")
    • From: "Chiusano Joseph" <chiusano_joseph@b...>

• References:
  • Blended Authentication (AKA "Granular Access Control")
    • From: "Chiusano Joseph" <chiusano_joseph@b...>

• Prev by Date: RE: Some random noise on rational type systems for XML
• Next by Date: Re: Blended Authentication (AKA "Granular Access Control")
• Previous by thread: Re: Blended Authentication (AKA "Granular Access Control")
• Next by thread: Re: Blended Authentication (AKA "Granular Access Control")
• Index(es):
  • Date
  • Thread