
List:       cap-talk
Subject:    [cap-talk] A useful strategy
From:       "Karp, Alan H" <alan.karp () hp ! com>
Date:       2009-09-30 17:51:49
Message-ID: A0BE9926384D0940BBAD4B60190CB29A6A9240666A () GVW0433EXB ! americas ! hpqcorp ! net

I've been participating in the US DoD Privilege Management Tiger Team (PvMTT).
(Don't ya just LOVE that military talk?)  There's been a lot of back and forth about
ZBAC, mostly back (as in push back).  At one point in the discussion, one of the most
active participants wrote, "we want to create universally accepted identities that
assert attributes and can be authenticated at a decision point."  I replied with the
following.

"Let's say we have the perfect, universally accepted identity system, and I make a
request of a Pentagon web service.  You know exactly who I am.  Will you honor my
request?  No, unless it's a public service, in which case my identity doesn't matter.
The issue is that knowing who is making the request doesn't tell you what access
policy to apply."

Ever since then, the discussion shifted from whether to implement ZBAC to questions
about how to implement it.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp

