>>>>> "David" == David Chadwick <[log in to unmask]> writes:
David> Hi Sam I think you are mixing up two different issues: global
David> uniqueness and semantics.
David> Access control needs global uniqueness in order to ensure
David> that only one user (or one group of users if the unique
David> attribute represents a group, as in a VOMS role for example)
David> gets the appropriate access rights. A PDP that computes the
David> access control decision does not care about the semantics of
David> the attribute. A meaningless random string for the attribute
David> is perfectly fine in order to make the correct access control
David> decision. So concatenating an IDP provided unique string
David> (whether it contains a scope or not is irrelevant for this
David> purpose) with the IDP name will provide global uniqueness of
David> the entire ID.
We are not in agreement on this issue.
I believe that several factors relating to the semantics of the
attribute are critical for access control decisions. Examples include:
* Temporal uniqueness of the identifier
* What precautions are taken to avoid re-use
* Uniqueness across events such as name changes, marriage, affiliation
changes (student becomes staff)
It's not clear to me that the answers that the broader AAA community has
given for CUI entirely match what we're looking for.
--Sam
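As an added illustration of the two positions above (this is constructed example code, not anything from the thread or from any of the projects it mentions), the following toy model shows a relying party's PDP keying its ACL on an IdP-provided identifier composed with the IdP name, and then shows the re-use hazard Sam raises: an IdP that recycles a freed local identifier silently hands the old principal's rights to a new person, while an IdP that issues opaque, never-recycled identifiers does not. The IdP names, usernames and person labels are all invented.

```python
"""Constructed model of access control keyed on federated identifiers.

The PDP sees only the composed identifier, never the person behind it,
which is the point made in the quoted text.  The re-use scenario shows
why the lifecycle of the local identifier still matters to the decision.
"""
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class ScopedId:
    idp: str    # issuer name, e.g. "idp-a.example" (constructed value)
    local: str  # IdP-provided identifier; its meaning is opaque to the PDP

    def key(self) -> str:
        # Compose local id and IdP name into one globally unique key.
        # Bare concatenation can be ambiguous ("ab"+"c" vs "a"+"bc"), so the
        # parts are joined with a separator that neither part may contain.
        if "\x00" in self.idp or "\x00" in self.local:
            raise ValueError("NUL is reserved as the separator")
        return f"{self.local}\x00{self.idp}"


class PDP:
    """Policy decision point: ACL maps composed key -> set of permissions."""

    def __init__(self) -> None:
        self.acl: dict[str, set[str]] = {}

    def grant(self, sid: ScopedId, perm: str) -> None:
        self.acl.setdefault(sid.key(), set()).add(perm)

    def decide(self, sid: ScopedId, perm: str) -> bool:
        # Decision depends on the identifier string alone.
        return perm in self.acl.get(sid.key(), set())


class IdP:
    """Hypothetical identity provider mapping local identifiers to people.

    reuse=True  models an IdP that recycles a freed username.
    reuse=False models one that issues random identifiers it never recycles.
    """

    def __init__(self, name: str, reuse: bool) -> None:
        self.name = name
        self.reuse = reuse
        self.accounts: dict[str, str] = {}  # local id -> person
        self.retired: set[str] = set()      # ids that must never be reissued

    def enroll(self, person: str, preferred: str) -> ScopedId:
        if self.reuse:
            local = preferred
        else:
            local = secrets.token_hex(8)
            while local in self.accounts or local in self.retired:
                local = secrets.token_hex(8)
        self.accounts[local] = person
        return ScopedId(self.name, local)

    def deprovision(self, sid: ScopedId) -> None:
        del self.accounts[sid.local]
        self.retired.add(sid.local)


def collision_without_scope() -> tuple[bool, bool]:
    """Two IdPs both issue local id 'jsmith'.  Returns (decision for the
    user who was granted access, decision for the same-named user at the
    other IdP); scoping by IdP name keeps them distinct."""
    a = ScopedId("idp-a.example", "jsmith")
    b = ScopedId("idp-b.example", "jsmith")
    pdp = PDP()
    pdp.grant(a, "read")
    return pdp.decide(a, "read"), pdp.decide(b, "read")


def reuse_scenario(reuse: bool) -> bool:
    """Alice is enrolled and granted 'read', then leaves; Bob later asks
    for the same handle.  Returns True if Bob inherits Alice's right."""
    idp = IdP("idp.example.edu", reuse=reuse)
    pdp = PDP()
    alice = idp.enroll("alice", "jsmith")
    pdp.grant(alice, "read")
    idp.deprovision(alice)
    bob = idp.enroll("bob", "jsmith")
    return pdp.decide(bob, "read")


if __name__ == "__main__":
    print("scoped lookup (granted, other IdP):", collision_without_scope())
    print("recycling IdP leaks right to Bob:", reuse_scenario(reuse=True))
    print("non-recycling IdP leaks right to Bob:", reuse_scenario(reuse=False))
```

The composed key gives the global uniqueness the quoted text asks for, and the PDP never inspects what the local identifier means. Whether a decision made on that key is still correct a year later depends on the IdP's identifier lifecycle, which is the part the relying party cannot see from the string itself.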