> To conclude: I believe that a request URI based AC system has
> clear advantages compared to pipeline based AC, and that it
> could be added to Cocoon without affecting the contracts at
> all. I also think that the "correct" way of handling security
> is a resource based system, and that such a system would need to
> affect the inner workings of Cocoon.
>
> Comment, ideas?
>
Have you looked at SAML?
http://www.oasis-open.org/committees/security/

<SNIP src="from spec">
The Security Assertion Markup Language (SAML) is an XML-based framework for exchanging security information. This security information is expressed in the form of assertions about subjects, where a subject is an entity (either human or computer) that has an identity in some security domain. A typical example of a subject is a person, identified by his or her email address in a particular Internet domain.

Assertions can convey information about authentication acts performed by subjects, attributes of subjects, and authorization decisions about whether subjects are allowed to access certain resources.

Assertions are represented as XML constructs and have a nested structure, whereby a single assertion might contain several different internal statements about authentication, authorization, and attributes. Note that authentication assertions merely describe acts of authentication that happened previously; checking and revoking of credentials is outside the scope of this version of SAML.
</SNIP>
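Added example, not part of the original message or of the spec text quoted in it: a short Python sketch of the nested structure the excerpt describes, reading the three statement kinds from one assertion and making a default-deny decision for a request URI. It assumes SAML 2.0 element names (a later version than the draft quoted above), a constructed sample assertion, hypothetical function names, and that the assertion's signature has already been verified elsewhere.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from the thread); trimmed: no Signature, no AuthnContext.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
  <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:30Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>editor</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
  <saml:AuthzDecisionStatement Resource="/docs/edit" Decision="Permit">
    <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">GET</saml:Action>
  </saml:AuthzDecisionStatement>
</saml:Assertion>"""

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_assertion(xml_text):
    # Assumption: the XML signature was verified before this point; not checked here.
    if "<!DOCTYPE" in xml_text:  # refuse DTDs so entity definitions never reach the parser
        raise ValueError("DOCTYPE not allowed in assertions")
    a = ET.fromstring(xml_text)
    cond = a.find("saml:Conditions", NS)
    return {
        "subject": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "not_before": _ts(cond.get("NotBefore")),
        "not_on_or_after": _ts(cond.get("NotOnOrAfter")),
        "authn_instants": [_ts(s.get("AuthnInstant"))
                           for s in a.findall("saml:AuthnStatement", NS)],
        "attributes": {at.get("Name"): [v.text for v in at.findall("saml:AttributeValue", NS)]
                       for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)},
        "decisions": [(d.get("Resource"), d.findtext("saml:Action", namespaces=NS),
                       d.get("Decision"))
                      for d in a.findall("saml:AuthzDecisionStatement", NS)],
    }

def is_permitted(assertion, uri, action, now):
    """Default deny: needs a live validity window and an exact Permit for (uri, action)."""
    if not (assertion["not_before"] <= now < assertion["not_on_or_after"]):
        return False
    return (uri, action, "Permit") in assertion["decisions"]
```

The authentication statement only records when authentication happened, as the excerpt notes; freshness and revocation still have to be enforced by the relying side, which is why the validity window is checked on every decision.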