ode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Boisvert" <boisv...@intalio.com>
Subject Re: Passing in Login and Password
Date Wed, 12 Sep 2007 01:58:09 GMT
On 9/10/07, Noel J. Bergman <noel@devtech.com> wrote:
>
> Assaf Arkin wrote:
> > Alex Boisvert wrote:
> > > I would also suggest using the standardized NIST RBAC terminology
> (user,
> > > role, permission) because it's most widely used and more intuitive
> (and
> > > business friendly).   "Credential" seems to be the most common term
> used
> > > for proof of identity and authority.
> > Credentials are proof of identity, not authority.
>
> I believe that's what Alex said.  Credentials are for authentication.
> Roles/permissions are for authorization.



Credentials are proof of both -- especially in non-centralized systems.   My
driver's license is proof of my identity (if you're willing to trust the
DMV) *and* certifies that I can legally drive a car or a motorcycle with
some vision correction apparatus.

And take my Advanced PADI card... It also has my name and picture on it but
I doubt I could use it for identification anywhere.  Regardless, when I'm
traveling to Belize I can rent scuba gear with it. The scuba shop doesn't
really care who I am, they just care that I have some sort of certification.

Saying credentials are for identification only is a pretty narrow
definition.

alex

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message