RE: Draft WG charter

Half addressing security is, in my opinion, even worse then not addressing 
it at all. The reason being that a half addressing leaves certain 
expectations that may or may not be accurate, that may or may not work, and 
that may or may not ever be realized. The logic is similar to why it is 
better to use no virus checker than a bad virus checker.

I have said before that we should have a dedicated security sub-group on a 
separate schedule from the main group. I am willing to be a member. Is 
anyone else interested?

					Yaron

----------
From:  Larry Masinter[SMTP:masinter@parc.xerox.com]
Sent:  Wednesday, September 18, 1996 3:14 PM
To:  ben@algroup.co.uk
Cc:  ejw@ics.uci.edu; w3c-dist-auth@w3.org
Subject:  Re: Draft WG charter

Personally, I think that the charter should be broad enough that we
might consider specific proposals for authorization models and access
permissions, even if we don't want to deep end on the topic.

No Internet standard can progress without at least touching on the
topic of security issues, and I don't think we can just ignore the
issue, without being clear about how such things will work in
practice.

Clearly, in order to meet the general needs, we can't rely on a
specific model ("ownership" and "file permissions"), but the protocol
might allow some registry of authentication models, and tunnel access
policy issues. After all, an access policy for a particular uploaded
item isn't so different from other kinds of random metadata (PICS
rating, MARC record, etc.) that one might want to send.

Larry

Received on Thursday, 19 September 1996 15:03:47 UTC