Re: [Simple] Authorization Rules for groups
"Noga Tor" <noga.tor@gmail.com> Mon, 28 August 2006 13:03 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GHgm5-00077h-0I; Mon, 28 Aug 2006 09:03:33 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GHgm3-00077S-G0 for simple@ietf.org; Mon, 28 Aug 2006 09:03:31 -0400
Received: from ug-out-1314.google.com ([66.249.92.168]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GHgm0-0004pD-GP for simple@ietf.org; Mon, 28 Aug 2006 09:03:31 -0400
Received: by ug-out-1314.google.com with SMTP id q2so1593474uge for <simple@ietf.org>; Mon, 28 Aug 2006 06:03:27 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=LA2AmRRYGhop2c/89Xhl41/PTwUT+WcQgdAzu7jy8Zhsh4twFJJN31q9uHVd7oeMk1uL0kFs1uFK3ebu07waWgiIay30LskiLi/cxJhORDcJ9sNKlFwirstKSMoQ5AC8FCj8FSeq2a5i1sv/N+scAsX2dyonR4xl/8Pm6Dxygx4=
Received: by 10.67.10.12 with SMTP id n12mr3699687ugi; Mon, 28 Aug 2006 06:03:27 -0700 (PDT)
Received: by 10.67.20.16 with HTTP; Mon, 28 Aug 2006 06:03:27 -0700 (PDT)
Message-ID: <44781c350608280603o485eff0eu6d775412d34abdf7@mail.gmail.com>
Date: Mon, 28 Aug 2006 16:03:27 +0300
From: Noga Tor <noga.tor@gmail.com>
To: simple@ietf.org, "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>
Subject: Re: [Simple] Authorization Rules for groups
In-Reply-To: <A5D2BD54850CCA4AA3B93227205D8A30898C66@MCHP7IEA.ww002.siemens.net>
MIME-Version: 1.0
References: <44781c350608220537n1979e82bm56aab297742acf4@mail.gmail.com> <A5D2BD54850CCA4AA3B93227205D8A30898C66@MCHP7IEA.ww002.siemens.net>
X-Spam-Score: 0.3 (/)
X-Scan-Signature: f9c0d585568a86447c98453afdf94aa0
Cc:
X-BeenThere: simple@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SIP for Instant Messaging and Presence Leveraging Extensions <simple.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/simple>, <mailto:simple-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/simple>
List-Post: <mailto:simple@ietf.org>
List-Help: <mailto:simple-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/simple>, <mailto:simple-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1381046746=="
Errors-To: simple-bounces@ietf.org
I have no problem with this approach. It seems very logical to me the Presence XDMS will not have any knowledge of groups (RLS XDMS). However, I have bumped into an OMA test fest use case, which implies that such a connection should exist. I will append the text of the use case and let me know what u think... Presence-1.0-int-0123 Authorization management for groups Test Case Id Presence-1.0-int-0123 Test Object UEs with Presence Source, Presence Watcher and XDMC functionality, Presence Server, and Shared XDMS. Test Case Description Verify that a Presence Server can handle the Presence Rules document for groups of watchers stored in the Shared XDMS. *TEST CASE GOAL: *Verify that a UE, acting as a XDMC, can modify his permissions for groups of watcher stored in the Shared XDMS, and the PS handles these permissions properly. Specification Reference Refer to Appendix A SCR Reference Refer to Appendix A Tool N/A Test Code N/A Preconditions · Equipment: o 2 UEs (with User1, User2 credentials) o Presence Server o Presence XDMS o Shared XDMS · Prerequisite for this test: o In the Presence XDMS, the Presence Authorization Rules document contains information that Group A is authorized to see any of the presence information belonging to User1. o User2 is a member of Group A as defined by User1 o UE2 capable of displaying presence information. o User1 and User2 will have a set of commonly supported Presence elements. o User1 has no active publications. o User1 has the ability of changing the content of its Presence Authorization Rules Document. o User2 has no active subscriptions. Test Procedure 1. User1 publishes presence information for all commonly supported mandatory Presence elements. 2. User2 subscribe to presence information from User1. 3. User1 updates the Authorization Rules Document in PS XDMS to block Group A to see his presence. 4. User1 modifies the active presence information that has been published. Pass-Criteria 2. UE2 display the presence information from User1. 4. UE2 does not display any presence information from User1. Thanks Noga On 8/22/06, Tschofenig, Hannes <hannes.tschofenig@siemens.com> wrote: > Hi Noga, > > we discussed the aspect of groups some time back. > > I recall that the conclusion was the following: > (without searching through my mails) > > If you have a list of friends in your group then you would replace every > entity in the group with the specific instance of the group. > > Here is an example: You have a group sip:Alice-friends@example.com that > contains > sip:Joe@example.com, sip:Tom@example.com and sip:Bob@example.com > > The rule set would contain these three identities rather than some > identity for the entire group. > > You might argue about the performance improvement if you could just > convey a single rule instead of multiple onces. Given that you might not > update your rules every few seconds and that you might not have too many > groups with the same authorization right it might not be so dramatic at > the end. > > Do you see a problem with this approach? > > Ciao > Hannes > ________________________________ > > Von: Noga Tor [mailto:noga.tor@gmail.com] > Gesendet: Dienstag, 22. August 2006 14:38 > An: simple@ietf.org > Betreff: [Simple] Authorization Rules for groups > > > Hi > > I was wondering if there is any way to define an authorization > rule that will apply to (RLS) contact list groups? > > For example: > Presentity Alice (sip:Alice@example.com) has defined an RLS > contact list called Alice-friends (sip:Alice-friends@example.com ). > Is it possible for Alice to define a policy sinlge rule that > will apply to all members of group "Alice-friends"? > > I have looked at the draft document detailing the presence > policy rules > (http://www.ietf.org/internet-drafts/draft-ietf-geopriv-common-policy-11 > .txt > <http://www.ietf.org/internet-drafts/draft-ietf-geopriv-common-policy-11 > .txt> ). > I have found no evidence that such an action is possible. the > rule allows only the "one" or "many" options. Neither of these options, > (to my understanding) can be applied to such an RLS group and the only > option is to define each and every presentity in its own "one" tag. > > > I would appreciate your prompt respnose. > > > Thanks a lot > Noga > >
_______________________________________________ Simple mailing list Simple@ietf.org https://www1.ietf.org/mailman/listinfo/simple
- [Simple] Authorization Rules for groups Noga Tor
- AW: [Simple] Authorization Rules for groups Tschofenig, Hannes
- Re: [Simple] Authorization Rules for groups Noga Tor
- RE: [Simple] Authorization Rules for groups Martin.Hynar