[cap-talk] Architectural Choices: How to migrate from IBAC to ABAC
Jed Donnelley
jed at nersc.gov
Thu Nov 15 19:05:07 EST 2007
On 11/15/2007 1:45 PM, Karp, Alan H wrote:
> Jed wrote:
>> Right. It "authenticates" the capability, nothing to
>> do with the requester. Is the term "authentication"
>> so intrinsically tied up in the IT terminology with
>> authenticating an identity (user) that people know
>> to apply it in no other context?
>
> In my experience it is,
OK, thanks. I'll stick with that.
> with the proviso that we include authentication
> of role and attributes.
How would one authenticate a role? Aren't roles
usually properties associated with users/identities?
Sorry, I don't know what an "attribute" is in the
above context or how one would be authenticated
independent of a user/id. I'll leave it to you
whether that's worth clarifying.
--Jed http://www.webstart.com/jed/
More information about the cap-talk
mailing list