W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 1996

Re: Authentication, security requirements

From: Larry Masinter <masinter@parc.xerox.com>
Date: Tue, 24 Sep 1996 20:28:44 PDT
To: ejw@ics.uci.edu
CC: w3c-dist-auth@w3.org, ejw@ics.uci.edu
Message-Id: <96Sep24.202844pdt."2757"@golden.parc.xerox.com>
Almost all distributed authoring systems have some notion of the
identities of the authors, whether those were organizational,
individual, or based on some kind of role.

Those notions differ among distributed authoring systems, each
user may want to participate in several, and there's a serious problem
of proliferation of identities.

The use of realms and domains in HTTP authentication might not match
well into a distributed authoring environment where a single user
might take on multiple roles, for example. Or does it?

Every system needs some kind of system administrative functions, many
of which involve changing access control priviledges. These might not
need to be standardized across distributed authoring
applications. However, when creating new areas, establishing links, or
otherwise establishing new content that has no prior history, it is
often essential to be able to provide access policy information about
the new object. Unfortunately, there are no good guidelines for
standard access control policy languages, although PICS might have a
model for some.

Is the kind of individual identification that HTTP authentication
provides sufficient to allow full entre into each distributed
authoring environment's access control system?

I think these are some of the security issues that are unique to
distributed authoring.

The requirements for authentication and secure transmission are well
known and have already been addressed in other documents and need not
be repeated.

Larry
Received on Tuesday, 24 September 1996 23:29:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:41 GMT