[cap-talk] Abstractions that subsume capabilities (was: Re: What sparked interest in capabilities)

Karp, Alan H alan.karp at hp.com
Thu Mar 6 17:10:54 EST 2008


Jed wrote:
>
> Hmmm.  I spent a bit of time looking around on the Web and
> didn't find anything that I would consider a 'taxonomy' for
> access control schemes.

I'm working on a study group for the Navy chartered with creating a position paper on SOA IA Security.  (Services Oriented Architecture Information Assurance, for you non-military types.  I usually apologize for the lack of acronyms in my notes to that group.)  They use DAC/MAC to describe who determines access and IBAC (identification), RBAC (role), ABAC (attributes) to define the authentication used to make an authorization decision.  Because of the acronym collision, we use NBAC (autheNtication) for those three and ZBAC (authoriZation) for what I'm pushing.  That's sort of a 2-dimensional taxonomy.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp




