List: cap-talk
Subject: [cap-talk] A useful strategy
From: "Karp, Alan H" <alan.karp () hp ! com>
Date: 2009-09-30 17:51:49
Message-ID: A0BE9926384D0940BBAD4B60190CB29A6A9240666A () GVW0433EXB ! americas ! hpqcorp ! net
I've been participating in the US DoD Privilege Management Tiger Team (PvMTT).
(Don't ya just LOVE that military talk?) There's been a lot of back and forth about
ZBAC, mostly back (as in push back). At one point in the discussion, one of the most
active participants wrote, "we want to create universally accepted identities that
assert attributes and can be authenticated at a decision point." I replied with the
following.

"Let's say we have the perfect, universally accepted identity system, and I make a
request of a Pentagon web service. You know exactly who I am. Will you honor my
request? No, unless it's a public service, in which case my identity doesn't matter.
The issue is that knowing who is making the request doesn't tell you what access
policy to apply."

Ever since then, the discussion shifted from whether to implement ZBAC to questions
about how to implement it.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp