[cap-talk] Architectural Choices for Security-movingforward-How to migrate SOA from IBAC to ABAC
Karp, Alan H
alan.karp at hp.com
Wed Nov 14 13:51:26 EST 2007
MarkM wrote:
>
> I've lately been happy using "identity-centric" vs
> "authorization-centric". I then explain that ACLs, RBAC, PBAC, and MLS
> are all identity-centric. Capabilities, Polaris, SPKI, and BitFrost
> are authorization-centric.
>
I like the "-centric" term, but I think I'll go with
authentication-centric versus authorization-centric. The use of N/Z was
to fit that into the BAC nomenclature. I can avoid that rathole with
the "-centric" terminology.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list