Re: [Ace] Extended REST model comment
Carsten Bormann <cabo@tzi.org> Tue, 30 June 2020 15:35 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F0243A0AE8; Tue, 30 Jun 2020 08:35:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kpmdCtuDNLrx; Tue, 30 Jun 2020 08:35:29 -0700 (PDT)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5F373A0ADB; Tue, 30 Jun 2020 08:35:28 -0700 (PDT)
Received: from [172.16.42.112] (p5089ae91.dip0.t-ipconnect.de [80.137.174.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 49x7j71qYxz107y; Tue, 30 Jun 2020 17:35:23 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <039a01d64eec$ce5abdb0$6b103910$@augustcellars.com>
Date: Tue, 30 Jun 2020 17:35:22 +0200
Cc: draft-bormann-core-ace-aif@ietf.org, ace@ietf.org
X-Mao-Original-Outgoing-Id: 615224122.738447-b096d2578528d87fa36e5424c040539b
Content-Transfer-Encoding: quoted-printable
Message-Id: <0E078421-C692-475E-880B-30295F520D88@tzi.org>
References: <039a01d64eec$ce5abdb0$6b103910$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/crTsx4QJNPQwjdkG43vZ7VFkxg0>
Subject: Re: [Ace] Extended REST model comment
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2020 15:35:31 -0000
On 2020-06-30, at 16:43, Jim Schaad <ietf@augustcellars.com> wrote: > > In trying to formalize a policy for the RD testing, I ended up with > something that I think needs to be noted in this section. There is a > difference between the following statements: > > Access is granted to resources created by the client. > Access is granted to resources that could have been created by the client. > > The first is what the text seems to cover. This make sense in for the > coffeepot where only the person who created the order should be able to > cancel it. (Well maybe an administrator might need to as well.) However it > does not cover the case where an installer created a number of entries in > the RD. A QA person then comes through to make sure the installation was > done correctly. When he finds a problem, the first statement requires that > the original installer come out to fix it while the second statement allows > the QA person to make the fix. Hi Jim, interesting. I was thinking about #1 — I can make a coffee, I can cancel making it, you can make a coffee, but you can’t cancel my coffee. Or delete my RD entry, etc. So making the resource confers ownership (really: a separate set of permission bits) that is bound to the subject. In my view of how permission systems usually work, the other alternative requires creating a group. The inherited permission would then be attached to the group. Since AIF is about capability lists, not about subject identities, I think we are covered — just have the capability list on the group. NFSv4 permissions probably also have a way to handle this kind of inheritance, but I’ll not have time to look that up today... Grüße, Carsten
- [Ace] Extended REST model comment Jim Schaad
- Re: [Ace] Extended REST model comment Carsten Bormann
- Re: [Ace] Extended REST model comment Jim Schaad