Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The InCommon Certificate Authority already gives us one potential method of support for entity federation. A client could use its certificate to register with an entity registry, or to get a credential from an authorization service.

Emerging Issues

IssueIDIssue TitleNotes

1

Entities as Agents

(Clients, Services)

A

Must have a registry in which they are an entry
BMust have accounts/credential sets
CMust be discoverable by potential clients
DMust have a trust anchor

 

 

API Security turns out to be the driver for taking up non-person entities

2

Authorization policies have a fundamental structure

ASUBJECT can perform ACTION on RESOURCE under CONDITIONS
BTrue = Allow
CFalse = Deny
 
3  
4