- From: Paul Leach <paulle@microsoft.com>
- Date: Wed, 22 Oct 1997 16:16:51 -0700
- To: hep@netscape.com, masinter@parc.xerox.com, "'Sukanta Ganguly'" <sganguly@novell.com>
- Cc: Yaron Goland <yarong@microsoft.com>, w3c-dist-auth@w3.org
> ---------- > From: Sukanta Ganguly[SMTP:sganguly@novell.com] > Sent: Wednesday, October 22, 1997 1:14 PM > > Hi, > I have a hard time understanding why would the "who" contain the > information of "from where". The identity should be maintained > uniquely by > "who" irrespective of from where the connection is made. > If you say that the access rights are different based on where you connect from, then, in classical protection models, by definition it is a different _principal_. The informal word for principal is "who". Principals are not identical with users. In other systems, the principal changed when the same user executes programs in different domains, for example. Principals have often been tuples -- in our case, _if_ we want to have access rights depend on from where the connection was made, then maybe principals would be (user, location) pairs. For background, see, for example, "Protection Strucutures", Popek, IEE Computer, June 1974, or "Protection, Principles and Practice", Graham & Denning, SJCC, 1972, or "Protection", Lampson, Preceeding 5th Princeton Conf Info Sciences and Systems, 1971. Paul
Received on Wednesday, 22 October 1997 19:17:10 UTC