> as a "subcomponent." This is a component of the overall technology > that should stand on its own. ------------------ True... > An approach that could be taken would be to specify an > interface standard that would pass authentication data (user, realm, > etc.) to a component that would be responsible for obtaining > authorization information, e.g.: > > 1. Application-layer: "Is 'user' allowed to do 'x'?" > > 2. Interface communicates with seperate component, which could > be a module which would respond appropriately yet pull its > information from whatever means of access control are in > place (native OS, Web-server control lists, passwd files, etc.) > > 3. Underlying component does its thing, reports back to the > interface, and the application is told by the interface whether > the user is authorized or not. ------------------ This is nice. > If interoperability is the goal, then the focus should be specifying > an _interface_ rather than yet another ACL methodology. --------------------------- Agreed > If this sort of direction seems to be of interest, I've written some > experimental API's that implement such a concept which could serve as > as a starting point. I had previously planned to probe for interest > in discussing this as its own subject but if the momentum is here, > I am happy to go with it :) --------------- No reason not to have a look, the API is of primary concern. -=jack=- (This text composed by voice)Received on Thursday, 1 May 1997 13:57:51 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:42 GMT