Re: ACL Draft

From: Larry Masinter <masinter@parc.xerox.com>
Date: Wed, 22 Oct 1997 14:24:31 PDT
Message-ID: <344E6F0F.6306A0DF@parc.xerox.com>
To: Paul Leach <paulle@microsoft.com>
CC: Howard Palmer <hep@netscape.com>, Yaron Goland <yarong@microsoft.com>, w3c-dist-auth@w3.org
> The traditional way of dealing with this is instead to say that the
> "who" can contain lots of interesting info, such as where you are
> connecting from. In other words, if it matters (for security purposes)
> that "who" connecting from home and "who" connecting from work, then
> they are different "who"s -- i.e., they are different principals.

The traditional way of dealing with this in systems that support
ACLs doesn't match the web's way of dealing with this. In this case,
the user trying to access information has many attributes, only
one of which is their authenticated identity.

Now, this can get arbitrarily complex, and I'm not asking that
it be arbitrarily complex, but at least complex enough to implement
the *very common* authentication policy on the web: everyone
from site *.blah.com has access, but users from any other site
have to log in.

Larry
-- 
http://www.parc.xerox.com/masinter
Received on Wednesday, 22 October 1997 19:46:04 GMT
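
The policy described in the message above (anyone from *.blah.com gets in, everyone else has to log in), sketched as an ACL check over request attributes rather than over a single principal. This is an added example, not code from the thread or from any WebDAV draft; the names `Request`, `Ace`, `evaluate`, `host_in_domain` and the sample users are hypothetical. It assumes `client_host` is a forward-confirmed reverse DNS name, since an unverified PTR record is controlled by whoever owns the address block.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Decision(Enum):
    ALLOW = "allow"
    CHALLENGE = "challenge"  # e.g. HTTP 401: the client has to log in
    DENY = "deny"

@dataclass(frozen=True)
class Request:
    # Assumption: client_host was forward-confirmed before it got here.
    client_host: Optional[str]
    user: Optional[str]      # authenticated identity, None if anonymous

def host_in_domain(host: Optional[str], pattern: str) -> bool:
    """Match a '*.blah.com' pattern on whole DNS labels only."""
    if not host or not pattern.startswith("*."):
        return False
    suffix = pattern[2:].lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")
    # Needs at least one label in front of the suffix and no empty labels,
    # so 'evilblah.com' and 'blah.com.evil.org' do not match.
    return (len(labels) > len(suffix) and all(labels)
            and labels[-len(suffix):] == suffix)

@dataclass(frozen=True)
class Ace:
    """One ACL entry; every attribute that is set must match the request."""
    host_pattern: Optional[str] = None
    users: Optional[frozenset] = None  # None = identity not constrained

    def matches(self, req: Request) -> bool:
        if self.host_pattern is not None and not host_in_domain(
                req.client_host, self.host_pattern):
            return False
        if self.users is not None and req.user not in self.users:
            return False
        return True

def evaluate(acl, req: Request) -> Decision:
    if any(ace.matches(req) for ace in acl):
        return Decision.ALLOW
    # Nothing matched: an anonymous client may still qualify by logging in.
    if req.user is None and any(ace.users is not None for ace in acl):
        return Decision.CHALLENGE
    return Decision.DENY

# Constructed policy: anyone from *.blah.com, or named users from anywhere.
ACL = [Ace(host_pattern="*.blah.com"), Ace(users=frozenset({"alice", "bob"}))]
```

The same ACL gives three outcomes: an anonymous request from inside the domain is allowed, an anonymous request from elsewhere is challenged, and an authenticated user who is on no entry is denied.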