- From: Suresh Chitturi <schitturi@rim.com>
- Date: Tue, 23 Feb 2010 11:32:13 -0600
- To: <public-device-apis@w3.org>
- Message-ID: <D37CC1B151BD57489F4F89609F168FE80473B52D@XCH01DFW.rim.net>
Hi all,

In response to the above action, please find below the proposed definition for Access Control. The group is recommended to add the following definition under the definitions section of [1].

--------BEGIN--------------

Access Control

It refers to the management of controlling access to a device API and its underlying resources, i.e. whether to allow or disallow the application in subject to gain access to a particular device capability. Access Control is a function of two methods that may or may not be mutually exclusive:

1) Access Control by declaration - refers to a method wherein the author of the application seeks access to specific device APIs, i.e. by declaring the application author's intent. For example, by declaring the Feature which the application intends to access and the domain or network resources that may need to access that particular Feature during the lifecycle of the application.

2) Runtime Policy Enforcement - refers to a method wherein a security policy is applied at runtime based on the underlying implementation of the Device API, which may be based on several factors, e.g. the context in which the device API is accessed, terms of deployment, etc.

--------END--------------

We acknowledge that the above definition only satisfies part of the action, and does not make a proposal on the model for policy enforcement. However, considering the ongoing discussions related to the overall security framework and the fact that the policy enforcement model definition is not appropriate for a requirements document but is part of the solution, we would like to close this action at this point, and create a new one if necessary.

[1] http://dev.w3.org/2009/dap/policy-reqs/#definitions

Thanks,
Suresh

Received on Tuesday, 23 February 2010 17:49:02 UTC