[data-protocols] Access Control

Haq, Salman Salman.Haq at neustar.biz
Mon Mar 19 03:19:47 GMT 2012


Personally, I'm investigating role-based methods.

In my use-case, I can envision a vast number of 'agents' each associated
with some notion of 'identity' and 'role' trying to access data with the
policy enforcement mechanism working transparently. It's possible the
queries may complete fully, not at all, or partially, based on the
decision made by the policy enforcement mechanism. The important thing is
that the decision has be made in 'real-time'.

XACML is a standard language for describing access policies. It affords a
lot of flexibility but at the cost of verbosity and complexity. Are there
other languages for this problem domain?

Also, do others have different use cases?


Thanks,
Shaq


On 3/18/12 9:00 PM, "Francis Irving" <francis at flourish.org> wrote:

>That's an excellent question!
>
>I'm mildly worried that every data hub, and indeed every piece of
>enterprise SaaS!, is inventing its own access control method.
>
>I've no idea what the best answer is. Anyone?
>
>Francis
>
>On Sun, Mar 18, 2012 at 08:38:33PM -0400, Haq, Salman wrote:
>> Hi all,
>> 
>> The Data Protocols group is engaged in very useful work. I was curious
>>if there had been any discussions about access control mechanisms.
>>Inevitably, any database is usually tempered by access filters and if
>>people have any ideas about that, I would like to know. I skimmed the
>>archives about this topic but didn't find anything relevant.
>> 
>> Thanks,
>> Shaq
>> Architect, Neustar Inc.
>> 
>> 
>
>> _______________________________________________
>> data-protocols mailing list
>> data-protocols at lists.okfn.org
>> http://lists.okfn.org/mailman/listinfo/data-protocols
>




More information about the data-protocols mailing list