Issue 375: How do add/delete RequiredRights interface entries? (sec-rev) Source: (, ) Nature: Clarification Severity: Serious Summary: Summary: There is only a single set_required_rights method on the RR interface in contrast to rich grant/revoke/replace set on DomAccPolicy and AuditPolicy. Should set add entries? Resolution: Close issue 375: How do add/delete RequiredRights interface entries. Revised Text: Actions taken: November 18, 1996: received issue April 20, 1999: closed issue Discussion: We agreed to close this issue because the get/set methods are sufficient. The functionality being looked for in this issue is more suited to a value-added library use of the get/set functions. End of Annotations:===== To: Polar Humenn Cc: sec-rev@omg.org Subject: Re: Open Issues References: From: "Andre Srinivasan" Date: 09 Mar 1999 22:53:04 -0800 Lines: 65 Issue 339: I vote to close Issue 357: I vote to defer Issue 374: Isn't this the same as 998? I think we've made this even more difficult with the addition of ReceivedCredentials (since we no longer even have a chance of seeing the delegation chain). Vote to argue. Issue 375: Its moot whether we took care of this in 1.5. I don't recall the conversation so we need to talk about it again. Issue 379: Already closed Issue 714: Vote to close. We'll get back into this with CSIv2. Issue 716: Already closed Issue 998: Same as 374 Issue 1633: Same as 714 Issue 1723: I vote to accept Polar's picture. Issue 2027: I vote to get rid of the policy stuff in Current and stick with get/set credentials. Issue 2033: I vote to Defer. Issue 2063: I was pretty sure everyone liked Polar's suggestion. We should discuss again. Issue 2069: Need to finish meeting with messaging folks. I vote to defer. Issue 2086: Yuck. Issue 2169: I vote to make the editorial change. Issue 2170: I vote to make the editorial change. Issue 2199: I vote to make the editorial change. Issue 2259: More discussion Issue 2344: I vote to make the editorial change Question: Are nulls *allowed* to be passed to locality constrained y are not for non-locality constrained. I would argue that making that distinction is just asking for trouble. Let's be consistent and stick with the no nulls rule. Besides with the Component/Persistence spec, there's a new IDL modifier for locality constrained objects. Issue 2437: I vote no on Polar's recommendataion. We need to discuss this more. Issue 2440: I vote no on Polar's recommendataion. The credentials that the client sees from the server must come from the object reference. Cool, we need another policy. Issue 2451: We need discussion. Issue 2452: We need discussion. X-Authentication-Warning: marcy.adiron.com: polar owned process doing -bs Date: Wed, 10 Mar 1999 10:07:03 -0500 (EST) From: Polar Humenn To: sec-rev@omg.org Subject: Re: Open Issues On 9 Mar 1999, Andre Srinivasan wrote: > Issue 375: Its moot whether we took care of this in 1.5. I don't > recall the conversation so we need to talk about it again. This issue is about creating functionality to add/subtract rights. Currently, all we have is set/get. We have minimal functionality to explicitly set the required rights on an interface and operation. It should be minimal. There is nothing stopping an application from getting the rights, modifying, and setting them. We don't have to be creating database managementin the ORB with lots of wild semantics. This is simple, to the point, gets the job done. I believe there should be a tools for adding/subtracting/renaming/whathaveyou of rights, but it should be supplied on top of the interface, not underneath it. Discussion? -Polar