
Re: Blended Authentication (AKA "Granular Access Control")


Rich Salz wrote:

> Because the minute they leave a single administrative domain, many of us believe
> that things like authentication, authorization, privacy, and data integrity are
> important.

Understood. As I see it, there are three courses of action:

    1) Do nothing. Execute transactions only via two-phase commit in the homogenous
network behind the firewall, where the basis of interoperability between processes is
the intimate knowledge they have of each other's workings, realized in the
precisely-specified datastructures shared between processes. When it is necessary to
interchange data with or to execute transactions against those outside the firewall,
require that there be in place a known identification mechanism for each such
counterparty and a known gateway mapping of the external form of data to the internal
datastructure used for executing transactional processes. Since my original 1998 essay
on this subject, this is what I have called the 'shop' model:  to anyone from outside
the firewall and the homogenous enterprise network it presents a take-it-or-leave-it
gateway, rather like the cash register of a shop. If you want to do business in this
shop, present yourself at the cash register and satisfy the clerk that you meet the
shop's self-declared terms for doing business with it. Since, however, this model may
not be acceptable to other businesses which might consider themselves your peers, if
not greater, then there is the perhaps more palatable possibility of

    2) Create a cartel of like-minded businesses, based upon agreed uses of data
interchanged, from which each party can assure itself that a requester of data has a
need-to-know which the supplier of that data considers legitimate. This is the model
for which Messrs. Chiusano and Cavnar-Johnson are discussing the implementation
logistics of 'X.509 certs, SAML, Kerberos tickets, etc.'

    3) Design web services which are autonomous expert processes each using data for
its own purposes in its own way. In creating data any process renders it in a form
best suited to the expression of its own expertise, without regard for the processes
which might use that data downstream, their expectations of the form that it should
take, nor speculations on what semantics might attach to that data in the execution of
those downstream processes.

> Or would you mind mailing me your PIN?

Don't mind at all. I'll post it right here. 24778. What good does that do you?

Respectfully (and it is with respect that I enjoy the privilege of the ongoing debate
on xml-dev),

Walter Perry

