Difference between revisions of "Question to ask for request"

Latest revision as of 12:50, 7 February 2011

Convener: Alan Karp

Most important question: is the request authorized?

Delegatable authorization: without it, the private in the army would be saying "yes sir, Mr. Obama", taking every order directly from the top, because that would be the only way an authorization could reach him.

OAuth consciously conflated authz, authn and identity. The goal was not to exchange credentials; instead the service side gets a token "letting it be me for a period of time".

Tyler Close's "web-key": REST-based federation. Good paper: "ACLs don't". Authorization-based access control is safer than SSO.

Sample Case:

Two companies, A and B, with a Memorandum of Understanding between them.

Authz policy: only US citizens can perform this action. Use XACML to express the policy.

When the user invokes the service, he presents the delegation chain.
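The sample case above, together with the delegatable-authorization point from the opening notes, as an added worked example. This is illustration written for these notes, not ZBAC's, HP's or any IIW participant's code. It assumes shared HMAC keys in place of real signing keys, the party names, the hypothetical attribute id urn:example:citizenship, and a hand-rolled evaluator that understands only the one XACML construct the policy uses. Company B's service takes a delegation chain rooted at Company A's authority (the key B trusts under the MOU), checks that every link is signed by its issuer, that each issuer is the previous link's delegate, and that nobody widened the authority they were given; only then does it evaluate the citizenship policy on the requester's attributes.

```python
"""Delegation-chain check plus an XACML-style citizenship policy.
Illustration only: a Company A user presents a chain of signed delegations to
Company B's service, which answers one question: is this request authorized?
"""
import hashlib, hmac, json
import xml.etree.ElementTree as ET

# Assumption: shared HMAC keys stand in for real signing keys.  B needs only
# A's root key (the MOU trust anchor); every other key is held by its owner.
KEYS = {"companyA-authority": b"root-key-of-A", "alice@a.example": b"alice-key",
        "bob@a.example": b"bob-key", "mallory@a.example": b"mallory-key"}
TRUST_ANCHOR = "companyA-authority"
CIT = "urn:example:citizenship"          # hypothetical attribute id

def _mac(issuer, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[issuer], msg, hashlib.sha256).hexdigest()

def sign_link(issuer, subject, actions, attrs):
    """Issuer delegates `actions` to `subject` and asserts `attrs` about it."""
    body = {"issuer": issuer, "subject": subject,
            "actions": sorted(actions), "attrs": attrs}
    return {**body, "sig": _mac(issuer, body)}

def link_valid(link):
    if link["issuer"] not in KEYS:
        return False
    body = {k: v for k, v in link.items() if k != "sig"}
    return hmac.compare_digest(_mac(link["issuer"], body), link["sig"])

def verify_chain(chain, action):
    """Walk from the trust anchor to the requester; each link must be signed by
    its issuer, chain to the previous delegate, and not widen what is held.
    Returns (subject, attrs) of the final delegate or raises ValueError."""
    if not chain or chain[0]["issuer"] != TRUST_ANCHOR:
        raise ValueError("chain is not rooted at the MOU trust anchor")
    held, prev = None, TRUST_ANCHOR
    for link in chain:
        if link["issuer"] != prev:
            raise ValueError(f"{link['issuer']} is not the previous delegate")
        if not link_valid(link):
            raise ValueError(f"bad signature on link from {link['issuer']}")
        granted = set(link["actions"])
        if held is not None and not granted <= held:
            raise ValueError(f"{link['issuer']} tried to widen its authority")
        held, prev = granted, link["subject"]
    if action not in held:
        raise ValueError(f"chain does not authorize {action}")
    return prev, chain[-1]["attrs"]   # attrs as asserted by the last delegator

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
CITIZENSHIP_POLICY = f"""<Policy xmlns="{XACML_NS}" PolicyId="us-only" Version="1.0"
    RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
  <Target/>
  <Rule RuleId="us-citizens-only" Effect="Permit">
    <Target><AnyOf><AllOf>
      <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">US</AttributeValue>
        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
            AttributeId="{CIT}" DataType="http://www.w3.org/2001/XMLSchema#string"
            MustBePresent="true"/>
      </Match>
    </AllOf></AnyOf></Target>
  </Rule>
</Policy>"""

def evaluate_policy(policy_xml, subject_attrs):
    """Tiny PDP: string-equal Matches over subject attributes (all ANDed),
    deny-unless-permit combining.  Enough for the policy above, no more."""
    ns = {"x": XACML_NS}
    for rule in ET.fromstring(policy_xml).findall("x:Rule", ns):
        ok = all(subject_attrs.get(m.find("x:AttributeDesignator", ns).get("AttributeId"))
                 == m.find("x:AttributeValue", ns).text
                 for m in rule.findall(".//x:Match", ns))
        if ok and rule.get("Effect") == "Permit":
            return "Permit"
    return "Deny"

def authorize(chain, action, policy_xml=CITIZENSHIP_POLICY):
    """Is this request authorized?  Chain first, then the attribute policy."""
    try:
        subject, attrs = verify_chain(chain, action)
    except ValueError as why:
        return "Deny", str(why)
    return evaluate_policy(policy_xml, attrs), f"{subject} via {len(chain)} link(s)"

# Constructed sample: A's authority -> Alice (manager) -> Bob, plus three
# chains that must be refused (forged link, widened authority, non-US delegate).
ACTION = "export-report"
ROOT_TO_ALICE = sign_link(TRUST_ANCHOR, "alice@a.example", {ACTION, "read-report"}, {CIT: "US"})
ALICE_TO_BOB = sign_link("alice@a.example", "bob@a.example", {ACTION}, {CIT: "US"})
GOOD_CHAIN = [ROOT_TO_ALICE, ALICE_TO_BOB]
FORGED = [ROOT_TO_ALICE, dict(ALICE_TO_BOB, subject="mallory@a.example")]  # sig no longer matches
WIDENED = GOOD_CHAIN + [sign_link("bob@a.example", "mallory@a.example",
                                  {ACTION, "delete-report"}, {CIT: "US"})]
NON_US = [ROOT_TO_ALICE, sign_link("alice@a.example", "mallory@a.example", {ACTION}, {CIT: "CA"})]

if __name__ == "__main__":
    for name, chain in [("good", GOOD_CHAIN), ("forged", FORGED),
                        ("widened", WIDENED), ("non-US", NON_US)]:
        print(f"{name:8s} {authorize(chain, ACTION)}")
```

The order of the two checks is the point of the session: the chain answers "is this request authorized?", and the XACML policy then constrains who may exercise that authority. A real deployment would replace the HMAC keys with signatures verifiable by B without sharing secrets, and would decide as a matter of policy which party is allowed to assert an attribute such as citizenship; here the immediate delegator's assertion is taken at face value.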

Alan Karp: http://www.hp.com/alan_karp (might be wrong). Look for papers.

ZBAC: authoriZation-Based Access Control