W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2000

RE: [ACL] Conference call notes, Mar. 31

From: <jamsden@us.ibm.com>
Date: Mon, 3 Apr 2000 13:50:06 -0400
To: w3c-dist-auth@w3c.org
Message-ID: <852568B6.00620752.00@d54mta03.raleigh.ibm.com>


All, upon further thought, I don't feel that  authentication should ever
come into the realm of ACLs, since (I'd hope) any  authentication is
performed at the HTTP/WebDAV level before any ACL is  examinedand that the
ACL "engine" should trust the identity performing  operations. In other
words, any principal information in the ACL should  be compared against the
principal information for the request (which should  already have been
authenticated as a valid principal or re-assigned as an  invalid one)
without trying to communicate to an owning "domain server" of that
principal's  domain.
<jra>
I agree with this.
</jra>
Received on Monday, 3 April 2000 14:00:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:54 GMT