- privileges, a generic model
- group, role and role hierarchies, draft proposal for MACE-wide model and definition
- Are the definitions in the glossary good enough, or are there others that are more widely accepted?
- MACE documents (Grouper) vs other standards groups
- Using groups and roles vs privileges, how to choose, simple access management
- How much can access management be centralized vs embedded in applications?
- Follow the attributes
- case studies
- attribute delivery recipe:
- SAML between IdP & SP
- SPML, XMPP (Grouper) for push provisioning
- XMPP is a messaging protocol that many institutions already run with known security and addressing standards
- JMS or ActiveMQ? AMQP as a wire protocol.
- LDAP, privilege registry or web service for pull provisioning
- is there existing mace-dir work to build on?
- generalizing to federated scenarios and VOs
- What are the namespace and object characteristics for privileges?
- What are the special problems in namespace choice?
- Fifer using URIs
- authorization and access control
- case studies in production
- rule-based access control
- XACML, Drools, others
- policy, a generic model
- P*P architectures: proposed models
- Application policy, enterprise policy, VO policy
- case studies - bamboo
- examples of access management in production
- performance issues and design tradeoffs
- Experience with commercial and open source offerings
- The Aegis Identity Management Suite based on open standards tools