- From: <Harald.T.Alvestrand@uninett.no>
- Date: Wed, 31 May 1995 15:15:40 +0200
- To: Ted Hardie <hardie@merlot.arc.nasa.gov>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, harvest-dvl@cs.colorado.edu, naic <naic@nasa.gov>, webmasters@nasa.gov
I think the "right" solution is to have some kind of indication of
the identity of the person or process the access is performed on behalf of.
For instance:
- A cache server should indicate who does access (and what set of others
it will grant access to without asking permission)
- An index server should indicate the set of people it does access for
And so on. Of course, the queried server should respond according to
min(trust in accessing server, trust in claimed user).
I would think that the HTTP level is the right level to attack this problem.
What about overloading the From: field with the value "anybody@anywhere"?
Just a random suggestion......
Harald A
Received on Wednesday, 31 May 1995 08:22:23 UTC