[Ace] Extended REST model comment
Jim Schaad <ietf@augustcellars.com> Tue, 30 June 2020 14:43 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 700DA3A0A20; Tue, 30 Jun 2020 07:43:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 14gPiYZmvQNH; Tue, 30 Jun 2020 07:43:28 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92F843A0A0E; Tue, 30 Jun 2020 07:43:27 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 30 Jun 2020 07:43:21 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: draft-bormann-core-ace-aif@ietf.org
CC: ace@ietf.org
Date: Tue, 30 Jun 2020 07:43:20 -0700
Message-ID: <039a01d64eec$ce5abdb0$6b103910$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
thread-index: AdZO7D+D5UDgLvz2RcGdoJdfIgCinQ==
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/NXKBxbFalHGgMhyKrxOP_45IBSQ>
Subject: [Ace] Extended REST model comment
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2020 14:43:30 -0000
In trying to formalize a policy for the RD testing, I ended up with something that I think needs to be noted in this section. There is a difference between the following statements: Access is granted to resources created by the client. Access is granted to resources that could have been created by the client. The first is what the text seems to cover. This make sense in for the coffeepot where only the person who created the order should be able to cancel it. (Well maybe an administrator might need to as well.) However it does not cover the case where an installer created a number of entries in the RD. A QA person then comes through to make sure the installation was done correctly. When he finds a problem, the first statement requires that the original installer come out to fix it while the second statement allows the QA person to make the fix. Jim
- [Ace] Extended REST model comment Jim Schaad
- Re: [Ace] Extended REST model comment Carsten Bormann
- Re: [Ace] Extended REST model comment Jim Schaad