Alex pointed out that it wasn't all that useful when in my previous
comments I broke all the threads and glommed all of his descriptions
together. So I'm re-commenting on the individual definitions.
On Oct 24, 2007, at 10:14 AM, Alex Karasulu wrote:
Introduction
-----------------
This series describes the circumstances resulting in the need for a
centralized
authorization policy management system. In doing so, it defines a
subset of the
problems that must be solved by Triplesec's Authorization Manager.
These problems
and the various use cases described here resonate the goals of the
Apache Triplesec
Project with respect to authorization policy.
We're going to talk about applications, identities, permissions,
roles, groups, and the
assignment of roles to individual identities as well as to groups
of identities. This will
lead us into discussions regarding what these entities are with
clear definitions we can
agree on and use as the nomenclature for this aspect of Triplesec.
My main problems with this is that to me roles and groups are the
same thing, and that applications aren't really a basic category.
Alex and I have been discussing whether groups and roles are
different aspects of the same thing for quite a while and there's
more discussion elsewhere. Applications I can discuss in this series
of emails.
Let us try to be as exacting as possible when speaking about these
concepts and
defining them eventually for use in a glossary section of our
Triplesec documentation.
OK but by asking for me to be exacting.... I get to be pretty picky :-)
thanks
david jencks
Thanks,
Alex
