6J/ Access Control Use Cases

From IIW

Access Control Use Cases


Session Convener: Alan Karp

Notes-taker(s): Alan Karp

Tags / links to resources / technology discussed, related to this session:

https://docs.google.com/document/d/1Jr1MM6Sjfj4f2Y9JjJLOsAxTv2TYNuE_Ck0kMuI589I/edit


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Several groups are adopting capabilities for access control, but I am concerned that the use cases they are considering are too simple. I’m hoping that considering the use cases in the above document will lead to better designs.

In the session I discussed those use cases. Please add comments or suggest other use cases.

Many of the use cases involved ad hoc delegation, which led to a question about enforcing enterprise policy. Aren’t there some situations when you should prevent delegation? Perhaps, but doing that leads to a system that is both harder to use and less secure. The problem is that people will share credentials if that’s the only way they can get their work done.