6J/ Access Control Use Cases
Access Control Use Cases
Session Convener: Alan Karp
Notes-taker(s): Alan Karp
Tags / links to resources / technology discussed, related to this session:
https://docs.google.com/document/d/1Jr1MM6Sjfj4f2Y9JjJLOsAxTv2TYNuE_Ck0kMuI589I/edit
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Several groups are adopting capabilities for access control, but I am concerned that the use cases they are considering are too simple. I’m hoping that considering the use cases in the above document will lead to better designs.
In the session I discussed those use cases. Please add comments or suggest other use cases.
Many of the use cases involved ad hoc delegation, which led to a question about enforcing enterprise policy. Aren’t there some situations when you should prevent delegation? Perhaps, but doing that leads to a system that is both harder to use and less secure. The problem is that people will share credentials if that’s the only way they can get their work done.