shibboleth-dev - Re: ARP ACLs and authorization

Subject: Shibboleth Developers

  • From: Parviz Dousti <>
  • To:
  • Subject: Re: ARP ACLs and authorization
  • Date: Sat, 30 Mar 2002 10:23:08 -0500



--On Friday, March 29, 2002 5:28 PM -0600 "Michael A. Grady" <> wrote:

> > - Think of ACL as a set of uids. Users who are in the ACL of an
> > object can "insert" an object hanging off of that object. e.g. if
> > user foo is in the ACL of SHAR object of my ARP, foo can create a new
> > RESOURCE object for me.
>
> When you say a 'set of uids', I assume you are talking generically? E.g.
> that a uid might actually represent a group, or 'self', or a DN from a
> directory? You don't literally mean storing ACLs whose values are the
> actual usernames?

I really don't want to implement a full-fledged authorization system. I specifically did not have groups in mind when I wrote that. I like to have the notion of ACLs in the design and implement the minimum that would make this project useful at this time. Of course we would make sure to make it easily expandable and able to use an external authorization module. I think time would tell how this system would be used and in which direction it would be expanded.
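
The ACL rule discussed in this thread, sketched as an added example that is not part of the original message or of Shibboleth's code: each object carries a set of literal uids, and a uid in a parent's ACL may insert a child under it. The `Node` class, the `group_aware` external module, the `group:` prefix, the empty ACL on new children and all sample names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def uid_in_acl(uid, parent):
    """Minimal rule from the message: the ACL is a literal set of uids."""
    return uid in parent.acl

@dataclass
class Node:
    kind: str                                   # "ARP", "SHAR" or "RESOURCE"
    name: str
    owner: str
    acl: set = field(default_factory=set)
    children: list = field(default_factory=list)

    def insert(self, uid, kind, name, authorize=uid_in_acl):
        """Hang a new object off this one if `uid` passes the ACL check."""
        if not authorize(uid, self):
            raise PermissionError(f"{uid} not in ACL of {self.kind} {self.name}")
        # Assumption: the child belongs to the ARP owner and starts with an
        # empty ACL, so rights on the parent do not carry down to it.
        child = Node(kind, name, self.owner)
        self.children.append(child)
        return child

# Hypothetical external authorization module: entries starting with "group:"
# are expanded through a directory lookup (constructed sample data).
GROUPS = {"group:librarians": {"bar"}}

def group_aware(uid, parent):
    return uid in parent.acl or any(uid in GROUPS.get(e, ()) for e in parent.acl)

def allowed(uid, parent, authorize=uid_in_acl):
    """Attempt an insert under `parent` and report whether it was permitted."""
    try:
        parent.insert(uid, "RESOURCE", "/probe", authorize)
        return True
    except PermissionError:
        return False

def demo():
    arp = Node("ARP", "alice-arp", owner="alice", acl={"alice"})
    shar = arp.insert("alice", "SHAR", "shar.example.org")
    shar.acl.update({"foo", "group:librarians"})
    return {
        "foo_on_shar": allowed("foo", shar),           # foo is in the SHAR's ACL
        "foo_on_arp": allowed("foo", arp),             # but not in the ARP's ACL
        "bar_uid_only": allowed("bar", shar),          # group entry is just a string
        "bar_external": allowed("bar", shar, group_aware),
    }

if __name__ == "__main__":
    print(demo())
```

With the default check, a group name stored in the ACL grants nothing; only swapping in the external module changes the outcome for `bar`.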

