> Basing ACL decisions on unauthenticated information of the kind this > example implies is pretty worthless from a security standpoint, even if > it is common practice. If I want to restrict access to my file server so that only "Paul Leach" can read it, well, I probably am willing to accept that I can't authenticate that it's really you, and not just someone who learned your password. All information is authenticated only to a degree. It's a policy decision as to what information to trust in order to make access decisions. As for user perception of the complexity of booleans: we're talking about the PROTOCOL here. Whether you let the user's see the booleans directly or have some kind of check-box interactive display is an interface issue. Larry -- http://www.parc.xerox.com/masinterReceived on Thursday, 23 October 1997 02:22:49 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:44 GMT