Trevor, et al-
Sorry it took me so long to reply on this. Anyway, I can see 
two scenarios, and two ways that a Plasma implementation could meet the 
requirements.

The first delegation scenario is a persistent delegation such as between a Boss 
and an Administrative assistant. In this case, the Admin gets to read (most of) 
the Boss's email.

The second scenario is temporary delegation, such as assigning a role to an 
individual while on vacation. In this case, the delegate only has access to the 
messages while the delegator is on vacation.

As for ways Plasma addresses this, it can either be done through the access 
rules (e.g., Boss's assigned Administrative Assistant is allowed to read 
company proprietary information, but not personal information) or through the 
assertions provided to the PDP at access request (e.g., Delegate has Role X, 
which meets the criteria for reading the message).

In both cases, these approaches are greatly preferable to PKI-based S/MIME, 
which usually involves sharing private keys, removing all granularity for 
access.

Let me know if that's enough to go on.

                -Scott

Scott Fitch
Cyber Architect
[email protected]
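
The two approaches in the message above, sketched as an added example that is not part of the original thread or of the Plasma drafts. The labels, role name, addresses and function names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed model: every label, role and address here is illustrative.
ASSISTANT_OF = {"admin@example.com": "boss@example.com"}
ASSISTANT_READABLE_LABELS = {"company-proprietary"}

@dataclass(frozen=True)
class Assertion:
    """A claim about the requester, valid only inside its time window."""
    subject: str
    role: str
    not_before: datetime
    not_after: datetime

def rule_permits(requester, message):
    """Approach 1 (persistent delegation): the access rule itself names the
    assistant relationship and limits it by message label."""
    if requester == message["recipient"]:
        return True
    return (ASSISTANT_OF.get(requester) == message["recipient"]
            and message["label"] in ASSISTANT_READABLE_LABELS)

def assertion_permits(requester, message, assertions, now):
    """Approach 2 (temporary delegation): the rule only asks for a role; the
    delegate proves it with an assertion presented at access request."""
    role = message.get("required_role")
    return role is not None and any(
        a.subject == requester and a.role == role
        and a.not_before <= now <= a.not_after
        for a in assertions)

def pdp_decide(requester, message, assertions, now):
    """Permit if either approach grants access; no private key is shared."""
    return (rule_permits(requester, message)
            or assertion_permits(requester, message, assertions, now))

if __name__ == "__main__":
    personal = {"recipient": "boss@example.com", "label": "personal"}
    work = {"recipient": "boss@example.com", "label": "company-proprietary"}
    when = datetime(2011, 11, 1)
    print(pdp_decide("admin@example.com", work, [], when))      # assistant, work mail
    print(pdp_decide("admin@example.com", personal, [], when))  # assistant, personal mail
```
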

From: Trevor Freeman [mailto:[email protected]]
Sent: Friday, October 28, 2011 1:48 PM
To: Fitch, Scott C; [email protected]
Subject: EXTERNAL: RE: Delegation scenario

That is a good observation. If you give a brief outline of how you see a 
scenario changing for delegation, I will incorporate that into the next 
version.

From: [email protected] [mailto:[email protected]] On Behalf Of Fitch, Scott C
Sent: Tuesday, October 25, 2011 10:57 AM
To: [email protected]
Subject: [plasma] Delegation scenario

Plasma also opens up the opportunity to support delegation in a much more 
sustainable and elegant manner than current PKI-based S/MIME. I'd like to see 
that called out as a scenario in Section 3. Others have similar thoughts?

                -Scott
_______________________________________________
plasma mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/plasma
