[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Blended Authentication (AKA "Granular Access Control")
> > >The concept is this: authentication of not only a user for access >control to a resource, but a combination of the user *and* a resource - > This is called delegation. System A is an active participant -- it is a security entity of its own. User1 authenticates to A and "delegates" its rights so that A can present its rights, and the delegated User1 rights to B. OSF DCE has rich delegation; COM has limited (IIRC just the limited case of full delegation, which is really impersonation); Corba, based on the DCE Security model, is closer to DCE's capabilities. XACML and SAML have many OSF DCE alumni on them, so those standards should have enough hooks to support delegation, even if it wasn't explicitly part of their baseline specs. (I just updated Mozilla; apologies if this comes out at HTML) /r$
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|