W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1997

Re: ACLs

From: Dave Hollander <dmh@hpsgml.fc.hp.com>
Date: Fri, 02 May 1997 09:25:41 -0600
Message-Id: <199705021525.AA024456742@hpsgml.fc.hp.com>
To: w3c-dist-auth@w3.org

I think the API based specification will work, but will leave the issue
to this group and the industry. I was responding to the specific chain 
proposing ACLs as the appropriate mechanics for access control. While 
in today's systems ACLs provide the most common and secure access 
controls, they are difficult to maintain and manage. I would like to be
able to encourage directory based access control techniques within
the DAV environment.

Regards
Dave Hollander

----------------------
Jack writes:
> I believe the API approach will allow for such modularity, or
> is that of concern to you?  ... 

Dave writes:
> > > but would focus on developing specifications for protocol extensions, 
> > > ACLs and the like.
> > > 
> > 
> > I believe that DAV should touch on security, but please do not insist
> > on ACLs. The exact binding of security attributes to system 
> > implementation must be left to the application to allow alternatives
> > to ACLs to grow.
> > 
> > Regards,
> > Dave Hollander
> ---------------------------------------
> 
Received on Friday, 2 May 1997 11:34:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:42 GMT