[security-dev] Entitlements Concept

Anil Saldhana Anil.Saldhana at redhat.com
Fri Jan 31 10:43:09 EST 2014

The idea is if rather than make 100 enforcement (Access Checks), you 
make one call and download
the entitlements and then do local authorization checks.

As an example, there is a mobile phone that has a rich native app. It 
connects to a server and downloads
the entitlements on the fly. That way it can make local decisions as to 
what the permissions are, rather than
make individual server access checks.  Useful in environments such as 
financial apps.

On 01/31/2014 09:40 AM, Anil Saldhana wrote:
> Hi All,
>      any objections to getting the Entitlements Manager concept into
> PicketLink Authorization?  That way we cover all based with both Fine
> Grained Authorization (Permissions API/Implementation) as well as
> download of entitlements.
> My previous prototype:
> https://docs.jboss.org/author/display/SECURITY/EntitlementsManager
> (there are bugs in the test case which I will fix)
> While the FGA is what I call the Enforcement Model, the
> EntitlementsManager concept is what I call the Entitlement Model.
> I am currently writing a specification at OASIS for this:
> https://www.oasis-open.org/committees/document.php?document_id=52098&wg_abbrev=cloudauthz
> Regards,
> Anil

More information about the security-dev mailing list