Hi David, I understand the distinction you're making and I agree. If you can work in the phrase "used for access control", I think that would be sufficient. Tom On Nov 29, 2007 4:50 AM, David Chadwick <d.w.chadwick@kent.ac.uk> wrote:
Hi Tom
I am happy to add "used for access control" in the context of our document, but not secure manner or trusted source, because this is not true in all cases. Part of our model is to make sure that we only use trusted attributes because the ones that are asserted may have been done insecurely or may not be trusted (see our other definitions). The role of the CVS in our model is to make sure that only the secure and trusted attributes are filtered out for use, whilst the others are discarded. If we define attributes as secure and trusted then there cannot be other attributes to be discarded (by definition). Then there is no point in having a CVS, its functionality is redundant.
However if you are talking from an XACML perspective then your definition is OK, since by the time the attributes are received by the XACML PDP they are already secure and trusted.
regards
David
Tom Scavo wrote:
On 11/28/07, David Chadwick <d.w.chadwick@kent.ac.uk> wrote:
iii) I have added a definition of attribute "Attribute is a property of an entity". Nice and simple, and all encompassing :-)
I think this defines what might be called "metadata." Recently, we defined "attribute" as follows:
An attribute is information asserted in a secure manner by a trusted source, used for access control.
I think the key is "used for access control." This is what distinguishes attributes from other kinds of data.
Tom
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
*****************************************************************