W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1997

Re: Access Control Draft

From: Gregory J. Woodhouse <gjw@wnetc.com>
Date: Mon, 19 May 1997 15:46:19 -0700 (PDT)
To: w3c-dist-auth@w3.org
Message-ID: <Pine.BSF.3.96.970519154200.9490A-100000@shell3.ba.best.com>
On Mon, 19 May 1997 howard.s.modell@mailgate2.boeing.com wrote:

> a silly question perhaps (excuse me if this has been discussed previously):
> 
> 	is there some reason why something vaguely like the "certificate"
> 	systems being used in electronic commerce couldn't work in this
> 	context?  That is, the "document-set-owner" issues "tokens" to
> 	authors who need to be allowed to access/modify documents in the
> 	set.  When one of those authors wants to "check in" a modified
> 	document or document-part, he or she must be able to accompany his
> 	work with the proper "token".
>

Not that I can think of. In fact, one example that comes to mind is the
standard file system for Amoeba (a distributed operating system). In many
ways, it reminds me of HTTP (immutable files and such), and uses
essentially this scheme for file access. Basically, the file server
(called the "bullet server" in Amoeba) issues what it calls capabilities
which are then required for file access. I quite like this idea.
 
> Note: I'm not saying anything about the complexity of the token, nor the 
> protocol for issuing or recognition nor any of the details.  
> I'm just sketching a model.
> 

I understand. The basic architecture and the security model are more or
less orthogonal.

> <signed>
> Howard S. Modell
> ________________________________________________________________________
>  Adv.Computing Technologist/2         POBox 3707, m/s 4A-25, Boeing D&SG
>  howard.s.modell@boeing.com           Seattle, WA 98124-2207
>  http://warlok.ds.boeing.com/~howie/  (206)662-0189[v] (206)662-4018[f]
> 

---
Gregory Woodhouse
gjw@wnetc.com    /    http://www.wnetc.com/home.html
If you're going to reinvent the wheel, at least try to come
up with a better one.
Received on Monday, 19 May 1997 18:46:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:42 GMT