- From: Sankar Virdhagriswaran <sv@hunchuen.crystaliz.com>
- Date: Tue, 13 May 1997 08:41:53 -0400
- To: Jon Radoff <jradoff@novalink.com>, w3c-dist-auth@w3.org, jradoff@novalink.com
>up in the Requirements draft. If you have other issues that you >think should be discussed, please send them to me. Two major issues for access control in authoring situations is a) the partitioning of users and the type of operations that these users can perform, and b) State of the objects and the transactions being performed on these objects > >1. Should an access control specification attempt to encompass any > of the following: > > a) Potential extensions to HTTP; > b) A server-based API approach; > c) A file-oriented specification (e.g., an Access Control List > specification for the Web). All of this should fall out from a better understanding of the requirements. In any case, APIs have not been traditionally successful in IETF like settings. Also, in the context of proxies, gateways, etc. dealing with the protocol implicatin is lot more important. So perhaps we can focus there first. File oriented specification is a start but web objects are not just files. Sankar Virdhagriswaran p. no: 508 371 0404
Received on Tuesday, 13 May 1997 08:38:48 UTC