W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 1998

Hiding the Target of a Reference

From: Slein, Judith A <JSlein@crt.xerox.com>
Date: Wed, 16 Dec 1998 11:44:59 -0500
Message-ID: <201BB34B3A73D1118C1F00805F1582E8B76D33@x-wb-0128-nt8.wrc.xerox.com>
To: "'WebDAV'" <w3c-dist-auth@w3.org>
The following requirement is currently part of the Advanced Collections
Requirements draft:

3.1.19 When creating a direct reference, it is possible to request that the
location of its target be hidden.

There was pretty strong sentiment in Orlando for dropping this requirement.
The grounds for rejecting it were:

1.  This is "security through obscurity", which is generally a bad strategy
for insuring security.
2.  It's better just to describe the perceived risks in the security section
of the draft.
3.  This is really an access control issue, and should be addressed as part
of access control.

I'd like to confirm on the mailing list whether we want to drop this
requirement.

--Judy

Judith A. Slein
CR&T/ADSTC
jslein@crt.xerox.com
8*222-5169
Received on Wednesday, 16 December 1998 11:40:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:48 GMT