Re: [Ace] Update of access rights

Wed, 06 May 2020 08:58:45 -0700 

Francesca Palombini <francesca.palomb...@ericsson.com> wrote:
    mcr>     Is there an assumption that the access rights(T2) >= access
    mcr> rights(T1)?

    > FP: No. But at the same time if access rights(T2) is a subset of access
    > rights(T1), then there is no point in the client requesting T2 from the
    > AS... These could be a disjoint sets of access rights.

There are some cases here.

T2 is a superset of T1.  Everything makes sense.
T2 is a subset of T1.    I to think about this.
T2 is complete disjoint of T1.
T2 is the union of a subnet of T1, and some new set of rights T2B.
   That is, partial overlap, but T2 not superset of T1.

    > FP: As currently defined in the document, yes, Sec1 ends up being
    > deleted as soon as Sec2 is validated (i.e. a request is correctly
    > decrypted by the receiving endpoint using Sec2). If T1 and T2 do
    > different things and the client wants to (and is allowed to - T1 is not
    > expired or revoked for some reason) keep T1 alive, then we are not in
    > the case of "update of access rights", i.e. the case where T2 replaces
    > T1. My "Final point" was to cover exactly the case you mention, where
    > T1 and T2 are used to derive 2 different security contexts, where the
    > RS does not realize they come from the same Client. It is up to the AS
    > to make sure that T1 and T2 are disjoints: why would the AS even send 2
    > different tokens that cover part of or the entire same scope at the
    > same RS to the same client? By the way, if it is not already in there,
    > I think that that is another excellent consideration point for the Ace
    > framework.

Client could be vaguely "multi-tenant", having a common security substrate.
That's why there could be 2 different tokens.

Think intelligent speakers that can learn "skills".

One skill operates the stereo, and wants to adjust living room lighting for
appropriate mood. (/me deletes off-colour joke about South Park)

The other skill is the sleep aid, and just wants to dim all lights to near
darkness, but should not operate stereo.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace

Reply via email to