
RE: ACL Draft

From: Yaron Goland <yarong@microsoft.com>
Date: Wed, 22 Oct 1997 11:14:11 -0700
Message-ID: <11352BDEEB92CF119F3F00805F14F48503F9F17F@RED-44-MSG.dns.microsoft.com>
To: "'Larry Masinter'" <masinter@parc.xerox.com>, Howard Palmer <hep@netscape.com>
Cc: "W3c-Dist-Auth (E-mail)" <w3c-dist-auth@w3.org>

1) That is an issue for the underlying access control mechanism, not the
ACL protocol.
2) Many systems do not depend upon location as a basis for access
control. So it would be more like "the basic model for access control is
that who you are and POTENTIALLY where you're connecting from
determines..."

Either way, I do not believe the issue is germane to ACLs as access
control is handled "below" the ACL protocol. The only issue the ACL
protocol need concern itself with is a mechanism by which it can
identify a principal. So for example a principal identifier might be:

<xyz-auth-mech><location>www.user.personal.com</location><userid>JoeUser</userid></xyz-auth-mech>

As far as the ACL protocol is concerned the above is just an opaque
identifier. It may be meaningful to some particular authentication
mechanism, but the ACL protocol doesn't need to worry about that.

			Yaron

> -----Original Message-----
> From:	Larry Masinter [SMTP:masinter@parc.xerox.com]
> Sent:	Wednesday, October 22, 1997 9:09 AM
> To:	Howard Palmer
> Cc:	Yaron Goland; W3c-Dist-Auth (E-mail)
> Subject:	Re: ACL Draft
> 
> To put it another way, you'd like
> 
> >   The basic model for access control, informally expressed, is that
> >    who you are determines how you can access a resource....
> 
> to change, so that 
> 
>   the basic model for access control is that
>   who you are and where you're connecting from determines ...
> 
> Larry
> -- 
> http://www.parc.xerox.com/masinter
Received on Wednesday, 22 October 1997 14:14:30 GMT
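
The layering described in the message above, as an added example that is not part of the original thread or of any WebDAV draft: an authentication mechanism "below" decides who (and potentially where) maps to a principal, and the ACL layer only compares the resulting identifier as an opaque string. XyzAuthMech, AclStore, the resource path, the "write" right and the second host name are hypothetical, constructed for illustration.

```python
# Added illustration; all class names, rights and sample values are constructed.
PRINCIPAL = (
    "<xyz-auth-mech><location>www.user.personal.com</location>"
    "<userid>JoeUser</userid></xyz-auth-mech>"
)


class XyzAuthMech:
    """Layer below the ACL protocol: the only place location is interpreted."""

    def __init__(self, known):
        self._known = known  # (userid, location) -> principal identifier

    def principal_for(self, userid, location):
        # Credential verification is assumed to have happened already.
        # An unknown (userid, location) pair yields no principal at all.
        return self._known.get((userid, location))


class AclStore:
    """ACL layer: stores and compares identifiers, never parses them."""

    def __init__(self):
        self._aces = {}  # resource -> {opaque identifier -> set of rights}

    def grant(self, resource, principal_id, right):
        self._aces.setdefault(resource, {}).setdefault(principal_id, set()).add(right)

    def allows(self, resource, principal_id, right):
        if principal_id is None:  # authentication produced no principal
            return False
        # Exact string match: the identifier's contents are not examined.
        return right in self._aces.get(resource, {}).get(principal_id, set())


def demo():
    mech = XyzAuthMech({("JoeUser", "www.user.personal.com"): PRINCIPAL})
    acl = AclStore()
    acl.grant("/docs/spec.html", PRINCIPAL, "write")

    home = mech.principal_for("JoeUser", "www.user.personal.com")
    elsewhere = mech.principal_for("JoeUser", "kiosk.example.net")
    # Same identifier with a line break inside it, as mail wrapping can produce.
    wrapped = PRINCIPAL.replace("JoeUser", "JoeUser\n")

    return tuple(acl.allows("/docs/spec.html", p, "write")
                 for p in (home, elsewhere, wrapped))
```

demo() returns (True, False, False): the location decision is made entirely by the mechanism, and because the ACL layer matches the identifier byte for byte, a re-wrapped copy of the same XML is a different principal unless the mechanism emits one canonical form.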
