[cap-talk] Architectural Choices for Security - movingforward-How to migrate SOA from IBAC to ABAC

Stiegler, Marc D marc.d.stiegler at hp.com
Wed Nov 14 12:04:53 EST 2007


Truthfully, I think the right term to use is still IBAC, which is the
term Alan has historically used. Referring to "Identity Based" as IBAC
and Authorization Based as ABAC is instantly understood by everyone. But
unless you are talking to the smaller circle of people who speak of
AuthN and AuthZ, the N and the Z need such a long explanation that it
gets in the way of the discussion. NBAC and ZBAC are a total failure for
an "elevator pitch", for example, unlike IBAC and ABAC.


--marcs


> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org 
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of ken
> Sent: Wednesday, November 14, 2007 6:08 AM
> To: 'General discussions concerning capability systems.'
> Subject: Re: [cap-talk] Architectural Choices for Security - 
> movingforward-How to migrate SOA from IBAC to ABAC
> 
> Alan
> Your two references are just the job. I have made a first pass 
> and I like the way you have adapted SAML. I also agree that 
> the problem is authentication based and if NBAC is understood 
> as covering Identities, Roles and Policy alternatives then I 
> shall follow your lead and use that term myself. Thanks k


