W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1997

Re: ACLs

From: James D Myers <jd_myers@ccmail.pnl.gov>
Date: Fri, 02 May 1997 09:11:23 -0700
To: w3c-dist-auth@w3.org
Message-id: <000E34AB.@ccmail.pnl.gov>

It sounded like the earlier suggestion - an API to ask
"does X have permission on y" isn't limited to ACLs. A more sophisticated system
that checks to see that person X works for the company, has an advanced degree, 
and passed the company web authoring 101 course, could present the same API as 
an ACL manager and give a yes/no answer on permissions. (as an example, Bill 
Johnston at LBNL is developing such a system).

The point: I agree with Dave that ACL specifics shouldn't creep into a security 
API, and don't think they have to for DAV's purposes.


Jim Myers
Collaboratory Project Lead
Pacific Northwest National Lab
______________________________ Reply Separator _________________________________
Subject: ACLs
Author:  Dave Hollander <dmh@hpsgml.fc.hp.com> at -SMTPLink
Date:    5/2/97 8:33 AM

> but would focus on developing specifications for protocol extensions, 
> ACLs and the like.
I believe that DAV should touch on security, but please do not insist 
on ACLs. The exact binding of security attributes to system 
implementation must be left to the application to allow alternatives 
to ACLs to grow.
Dave Hollander
Dave Hollander                    Hewlett-Packard
Intranet Architect                3404 E. Harmony Road, MS. 6U68 
TIS/WebCOE                        Fort Collins, Colorado  80525 
dmh@corp.hp.com                   970-229-3192 
Received on Friday, 2 May 1997 12:07:55 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:15 UTC