-
Key: SEC17-2
-
Legacy Issue Number: 2800
-
Status: closed
-
Source: Anonymous
-
Summary:
The Public attribute is said to exist for the mere purpose of having at
least one credentials object with at least one attribute, if no user has
authenticated. (It is entirely debatable whether a credentials object
should exist at all if a principal does not authenticate). It appears the
only purpose for this public attribute, which is said to exist in every
Credentials instance regardless of authentication, is to be able to
"grant" rights to EVERY principal in a Domain Access Policy.

Access Policies (AP), as opposed to Domain Access Policies (DAP) (which is an
extension of AP), do not have to follow the "grant/revoke/replace" scheme
of DAP.

Therefore, the Public attribute permeates the entire system just to
support an optional Domain Access Policy. In fact, most access
decisions will ignore the Public attribute if access is based on other
attributes. This situation reveals unnecessary copying of data and checking
for it. Therefore the public attribute is extraneous and causes
inefficiencies.

A better solution would be to confine the problem of "granting" rights
(which is in DAP only) to every principal in a "domain" to the Domain
Access Policy interface itself, such as an operation of "void
set_base_rights(RightsList rights);" and not permeate the entire system
with a useless attribute. And of course, eliminate the Public Security
Attribute altogether, and all references to it.
-
Reported: SEC 1.6 — Mon, 12 Jul 1999 04:00 GMT
-
Disposition: Resolved — SEC 1.7
-
Disposition Summary:
Close Issue 2800 _Public
-
Updated: Fri, 6 Mar 2015 20:58 GMT