Re: [Standards] Veto on "Privileged Entity"

I’ve reviewed this ProtoXEP and find it generally suitable for publication as a XEP. A couple of comments: The element should be inside an application-specific element, otherwise the server cannot disguising forwarding per this spec vs forwarding per some other spec. See bullet 5 of 3.2 of XE

Re: [Standards] Veto on "Privileged Entity"

Goffi has sent an updated ProtoXEP to the editor team, which I have just uploaded: http://xmpp.org/extensions/inbox/privilege-component.html Peter -- Peter Saint-Andre https://andyet.com/

Re: [Standards] Veto on "Privileged Entity"

G'day, I have started to study ABAC model, starting with http://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.sp.800-162.pdf and I understand better the point of view of Dave, actually I have to admit that he is right. After a discussion yesterday on XSF MUC room, I'll go in the followi

Re: [Standards] Veto on "Privileged Entity"

Not XEP-0277 but most pubsub clients should be able to use it at a very basic level. There are many bits that are 'extra' however. I'd like to see Buddycloud being as compatable as possible with 'standard' XMPP with its own sugar. On 17 Dec 2014 23:05, "Goffi" wrote: > On 17/12/2014 22:20, Simon

Re: [Standards] Veto on "Privileged Entity"

On 17/12/2014 22:20, Simon Tennant wrote: - we (developers of "Salut à Toi", http://www.salut-a-toi.org) an a few other projects (namely Movim http://movim.eu, Jappix http://www.jappix.org) or developers (notabily Sergey Dobrov is working on these issues too) are working on an XMP

Re: [Standards] Veto on "Privileged Entity"

> > - we (developers of "Salut à Toi", http://www.salut-a-toi.org) an a few > other projects (namely Movim http://movim.eu, Jappix http://www.jappix.org) > or developers (notabily Sergey Dobrov is working on these issues too) are > working on an XMPP based decentralized (micro)blogging platforms. >

Re: [Standards] Veto on "Privileged Entity"

On 17/12/2014 18:10, Kurt Zeilenga wrote: I’m glad this thread seems now to be focused more Dave’s concerns with the ProtoXEP itself and how the authors might cure these concerns than discussions of general XMPP access control issues. I’m going to try focus all my comments on the ProtoXEP its

Re: [Standards] Veto on "Privileged Entity"

On 17/12/2014 18:06, Dave Cridland wrote: OK, I entirely forgot about that. And in fairness, I think Section 6 is reasonable; I think Sections 4 and 5 are the problem. Ok, it become more precise, I'll work on it This document is not about building an external PEP service; this document - or

Re: [Standards] Veto on "Privileged Entity"

I’m glad this thread seems now to be focused more Dave’s concerns with the ProtoXEP itself and how the authors might cure these concerns than discussions of general XMPP access control issues. I’m going to try focus all my comments on the ProtoXEP itself, your specific concerns of it, and what

Re: [Standards] Veto on "Privileged Entity"

On 17 December 2014 at 16:14, Goffi wrote: > > What we have, currently, is a proposal for a XEP which describes a >> authorization model operating solely on stanzas, and applying >> rights based on identities, on the granularity of namespace and IQ type. >> > > That's not true, it also operate on

Re: [Standards] Veto on "Privileged Entity"

On 17/12/2014 15:53, Dave Cridland wrote: It's the only tool I have to prevent this becoming a XEP prior to the discussion. The XEPs was submitted months ago (first mention on standard@ in may !), we could have this discussion before. What we have, currently, is a proposal for a XEP whic

Re: [Standards] Veto on "Privileged Entity"

Wow, I wasn't expecting this going in such a long thread. On 16/12/2014 19:24, Dave Cridland wrote: That's actually what I'm trying to avoid; we currently have lots of fractional solutions, and no real standard. Trying to do thing in a too generic way resolving all potential use cases can lea

Re: [Standards] Veto on "Privileged Entity"

On 17 December 2014 at 13:24, Kurt Zeilenga wrote: > > > On Dec 17, 2014, at 3:52 AM, Dave Cridland wrote: > > On 17 December 2014 at 05:15, Kurt Zeilenga > wrote: >> >> While your OP implies that “we” (presumedly “the community”) should take >> a step back and consider model and terminology iss

Re: [Standards] Veto on "Privileged Entity"

On 2014-12-17 14:24, Kurt Zeilenga wrote: > [..] > It seems you are holding this ProtoXEP hostage for a general discussion > and possibly more (“a better system”?). Hi, I haven't fully digested all words in this thread. However, I think I understand the general idea of the arguments being made by

Re: [Standards] Veto on "Privileged Entity"

> On Dec 17, 2014, at 3:52 AM, Dave Cridland wrote: > > On 17 December 2014 at 05:15, Kurt Zeilenga > wrote: > While your OP implies that “we” (presumedly “the community”) should take a > step back and consider model and terminology issues, in your latest commen

Re: [Standards] Veto on "Privileged Entity"

On 17 December 2014 at 05:15, Kurt Zeilenga wrote: > > While your OP implies that “we” (presumedly “the community”) should take a > step back and consider model and terminology issues, in your latest > comments, it seems more that you want the authors to adopt a this model and > terminology you or

Re: [Standards] Veto on "Privileged Entity"

On 16 Dec 2014, at 18:02, Goffi wrote: > I'm curious to see some other opinions on this subject. For what it’s worth, having implemented ACL ‘stuff’ in an XMPP server, and seeing how this has grown over the years, I think standardising this with a global framework would be something of an under

Re: [Standards] Veto on "Privileged Entity"

While your OP implies that “we” (presumedly “the community”) should take a step back and consider model and terminology issues, in your latest comments, it seems more that you want the authors to adopt a this model and terminology you originally wanted “we” to consider. While I would not have i

Re: [Standards] Veto on "Privileged Entity"

On 16 December 2014 at 22:05, Dave Cridland wrote: > > On 16 Dec 2014 21:21, "Kurt Zeilenga" wrote: > > And can I draw the conclusion you think XACML is the “standard industry > model and terms” specification that you want this work “recast” in? > > No, but it uses the same ABAC model as of NIST

Re: [Standards] Veto on "Privileged Entity"

On 16 Dec 2014 21:21, "Kurt Zeilenga" wrote: > And can I draw the conclusion you think XACML is the “standard industry model and terms” specification that you want this work “recast” in? No, but it uses the same ABAC model as of NIST and others. None of these specifications are particularly appro

Re: [Standards] Veto on "Privileged Entity"

> On Dec 16, 2014, at 1:07 PM, Dave Cridland wrote: > > > On 16 Dec 2014 20:23, "Kurt Zeilenga" > wrote: > > You have provided no suggestions to the authors of how they might take > > change the ProtoXEP to address your objections. > > Okay, I thought I had gi

Re: [Standards] Veto on "Privileged Entity"

On 16 Dec 2014 20:23, "Kurt Zeilenga" wrote: > You have provided no suggestions to the authors of how they might take change the ProtoXEP to address your objections. Okay, I thought I had given the general actions I'd like to see, but I'll rephrase. The specification describes a very specific so

Re: [Standards] Veto on "Privileged Entity"

> On Dec 16, 2014, at 10:48 AM, Dave Cridland wrote: > > > > On 16 December 2014 at 18:24, Kurt Zeilenga > wrote: > > > On Dec 16, 2014, at 10:02 AM, Goffi > > wrote: > > > > > > I'm curious to see some other opinions on this subject.

Re: [Standards] Veto on "Privileged Entity"

On 16 December 2014 at 18:24, Kurt Zeilenga wrote: > > > > On Dec 16, 2014, at 10:02 AM, Goffi wrote: > > > > > > I'm curious to see some other opinions on this subject. > > While I have not formed a particular opinion with regards to the ProtoXEP > worthiness to become a XEP or not as I simply h

Re: [Standards] Veto on "Privileged Entity"

On 16 Dec 2014 18:03, "Goffi" wrote: > even if I understand your point of view, I have the feeling to see the famous > XKCD strip: let's do a new standard which cover everyones use cases > (situation: 15 competing standards) ! > That's actually what I'm trying to avoid; we currently have lots of

Re: [Standards] Veto on "Privileged Entity"

> On Dec 16, 2014, at 10:02 AM, Goffi wrote: > > > I'm curious to see some other opinions on this subject. While I have not formed a particular opinion with regards to the ProtoXEP worthiness to become a XEP or not as I simply have not read it, I am generally of the opinion that publication

Re: [Standards] Veto on "Privileged Entity"

Hi Dave, even if I understand your point of view, I have the feeling to see the famous XKCD strip: let's do a new standard which cover everyones use cases (situation: 15 competing standards) ! The XACML protocol is more than 150 pages, I can't see any XEP adapting this to XMPP coming before ye

[Standards] Veto on "Privileged Entity"

Folks, At the last Council meeting, I entered a position of -1 concerning Privileged Entity: http://xmpp.org/extensions/inbox/privilege-component.html In order to explain my position better, it's worth examining how authorization systems currently model the world. I'm going to use XACML terms he