W3C home > Mailing lists > Public > public-rww@w3.org > November 2012

Re: AccessControl : update + inference

From: Michiel de Jong <michiel@unhosted.org>
Date: Tue, 13 Nov 2012 19:05:15 +0800
Message-ID: <CA+aD3u1apgYuN--c4mVj1jhRycwFSSwnMpAxhpF4MHxWhGXX1w@mail.gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: public-rww@w3.org
On Tue, Nov 13, 2012 at 6:50 PM, Melvin Carvalho
<melvincarvalho@gmail.com> wrote:
> Also dont forget
> - Cookies
> - Unguessable URIs (security by obscurity)
> - Trusted shared spaces

good point! an interesting feature of unguessable URIs, is that they
actually have nothing to do with identity/authentication. Just like
bank notes, they act as bearer tokens so you can grant access to a
certain action to "whoever has this token", and then distribute the
tokens along with the links, as "caps". Tahoe-lafs works that way.

i guess the confusion is to what 'Access Control' means. To me, it
means the whole system, so both *representing* the policy, and
*enforcing* it. It seems the LDP wiki page is mostly about the
representing part, and leaves the actual enforcement pretty much out
of scope.
Received on Tuesday, 13 November 2012 11:05:42 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:40:04 UTC