From: Andrew.Berry@savillemail.com
To: java-security@java.sun.com
Date: Thu, 26 Aug 1999 14:10:51 +1000
Subject: Entity-level access controls

Hi,

I'm working on a security architecture for offering direct customer access to a
service provider's information system. For example, giving a customer access to
their own records so they can change contact details etc. This requires
entity-level access controls to prevent customers from accessing information
about other customers. The current set of security APIs does not provide any
direct support for this type of access control, nor do the security facilities
associated with Enterprise JavaBeans.

We have no problem with developing such access controls ourselves, but it would
be preferable to conform to a set of standard interfaces. While the actual
controls are application specific, the interfaces and mechanisms used are
relatively generic and could easily be standardised. Are there plans to specify
and perhaps implement an entity-level access control API? If so, are there any
pre-release documents or likely timeframes that you can tell me about?

Thanks,
AndyB