|
Home > Archive > Apache Directory Project > October 2007 > [Triplesec] [AuthZ] Introduction
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
[Triplesec] [AuthZ] Introduction
|
|
| Alex Karasulu 2007-10-24, 1:11 pm |
| Introduction
-----------------
This series describes the circumstances resulting in the need for a
centralized
authorization policy management system. In doing so, it defines a subset of
the
problems that must be solved by Triplesec's Authorization Manager. These
problems
and the various use cases described here resonate the goals of the Apache
Triplesec
Project with respect to authorization policy.
We're going to talk about applications, identities, permissions, roles,
groups, and the
assignment of roles to individual identities as well as to groups of
identities. This will
lead us into discussions regarding what these entities are with clear
definitions we can
agree on and use as the nomenclature for this aspect of Triplesec.
Let us try to be as exacting as possible when speaking about these concepts
and
defining them eventually for use in a glossary section of our Triplesec
documentation.
Thanks,
Alex
| |
| David Jencks 2007-10-30, 7:11 pm |
| Alex pointed out that it wasn't all that useful when in my previous
comments I broke all the threads and glommed all of his descriptions
together. So I'm re-commenting on the individual definitions.
On Oct 24, 2007, at 10:14 AM, Alex Karasulu wrote:
> Introduction
> -----------------
>
> This series describes the circumstances resulting in the need for a
> centralized
> authorization policy management system. In doing so, it defines a
> subset of the
> problems that must be solved by Triplesec's Authorization Manager.
> These problems
> and the various use cases described here resonate the goals of the
> Apache Triplesec
> Project with respect to authorization policy.
>
> We're going to talk about applications, identities, permissions,
> roles, groups, and the
> assignment of roles to individual identities as well as to groups
> of identities. This will
> lead us into discussions regarding what these entities are with
> clear definitions we can
> agree on and use as the nomenclature for this aspect of Triplesec.
>
My main problems with this is that to me roles and groups are the
same thing, and that applications aren't really a basic category.
Alex and I have been discussing whether groups and roles are
different aspects of the same thing for quite a while and there's
more discussion elsewhere. Applications I can discuss in this series
of emails.
> Let us try to be as exacting as possible when speaking about these
> concepts and
> defining them eventually for use in a glossary section of our
> Triplesec documentation.
OK but by asking for me to be exacting.... I get to be pretty picky :-)
thanks
david jencks
>
> Thanks,
> Alex
|
|
|
|
|