- From: James D Myers <jd_myers@ccmail.pnl.gov>
- Date: Fri, 02 May 1997 09:11:23 -0700
- To: w3c-dist-auth@w3.org
It sounded like the earlier suggestion - an API to ask
"does X have permission on y" isn't limited to ACLs. A more sophisticated system
that checks to see that person X works for the company, has an advanced degree,
and passed the company web authoring 101 course, could present the same API as
an ACL manager and give a yes/no answer on permissions. (as an example, Bill
Johnston at LBNL is developing such a system).
The point: I agree with Dave that ACL specifics shouldn't creep into a security
API, and don't think they have to for DAV's purposes.
Jim
Jim Myers
Collaboratory Project Lead
Pacific Northwest National Lab
jd_myers@pnl.gov
______________________________ Reply Separator _________________________________
Subject: ACLs
Author: Dave Hollander <dmh@hpsgml.fc.hp.com> at -SMTPLink
Date: 5/2/97 8:33 AM
> but would focus on developing specifications for protocol extensions,
> ACLs and the like.
>
I believe that DAV should touch on security, but please do not insist
on ACLs. The exact binding of security attributes to system
implementation must be left to the application to allow alternatives
to ACLs to grow.
Regards,
Dave Hollander
_________________________________________________________________
Dave Hollander Hewlett-Packard
Intranet Architect 3404 E. Harmony Road, MS. 6U68
TIS/WebCOE Fort Collins, Colorado 80525
dmh@corp.hp.com 970-229-3192
__________________________________________________________________
Received on Friday, 2 May 1997 12:07:55 UTC