After authentication of the peer, a workload can perform authorization by verifying that the authenticated identity has the appropriate permissions to access the requested resources and perform required actions. This process involves evaluating the security context described previously. The workload validates security context, checks validity of permissions against its security policies to ensure that only authorized actions are allowed.
The term "Authenticated Identity" suggests that all identity-related information can be authenticated. However, the definition of identity earlier in the document includes various attributes that cannot necessarily be authenticated. There is a pull request that changes the Identity section significantly; however, it doesn't clearly define the term "Identity" either. Further work is needed to ensure crisp definitions.
I think the challenge here is going to be to define identity here just enough to make the appropriate points. I think for the purposes of this section, the authorization calculation is based on the following:
- The value of the peer workload's authenticated identifier and other information that may be present in the WIT or certificate.
- Authorization context information based on the current transaction. An example may be a context token issued by a token service.
- Other information that is bound to the peer's workload identifier or authorization context through mechanisms that are currently outside the scope of this document.
draft-ietf-wimse-arch/draft-ietf-wimse-arch.md
Line 217 in 8234b6d