W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 1997

RE: ACL Draft

From: Paul Leach <paulle@microsoft.com>
Date: Thu, 23 Oct 1997 19:04:55 -0700
Message-ID: <771E1FEEEE41D111A95900805FFE658712AD60@RED-MSG-51.dns.microsoft.com>
To: w3c-dist-auth@w3.org, "'Larry Masinter'" <masinter@parc.xerox.com>


> ----------
> From: 	Larry Masinter[SMTP:masinter@parc.xerox.com]
> Sent: 	Wednesday, October 22, 1997 11:21 PM
> To: 	w3c-dist-auth@w3.org
> Subject: 	Re: ACL Draft
> 
> > Basing ACL decisions on unauthenticated information of the kind this
> > example implies is pretty worthless from a security standpoint, even
> if
> > it is common practice. 
> 
> If I want to restrict access to my file server so that only "Paul
> Leach"
> can read it, well, I probably am willing to accept that I can't
> authenticate
> that it's really you, and not just someone who learned your password.
> All information is authenticated only to a degree. It's a policy 
> decision as to what information to trust in order to make access
> decisions.
> 
You are right that no security (or authentication) is perfect -- it's a
truism.

You are also right that whether or not to accept any particular level of
security is a matter of policy. For example, the IESG has made a policy
that it won't accept any new protocols that rely on weak authentication
mechanisms such as plaintext passwords -- and I would argue that this is
just as weak, and hence not allowed by that policy.

However, as I said before, this needn't violate the model of "principal
IDs".

> As for user perception of the complexity of booleans: we're talking
> about the PROTOCOL here. Whether you let the user's see the booleans
> directly or have some kind of check-box interactive display is an
> interface issue.
> 
If you can show me at least one UI design that hides this complexity,
I'll buy it. Until then, it will be true that I've never seen a UI that
can make anything simpler than the underlying intrinsic complexity --
it's the law of conservation of complexity.

Paul
Received on Thursday, 23 October 1997 22:05:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:44 GMT