- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Tue, 24 Sep 1996 20:28:44 PDT
- To: ejw@ics.uci.edu
- CC: w3c-dist-auth@w3.org, ejw@ics.uci.edu
Almost all distributed authoring systems have some notion of the identities of the authors, whether those were organizational, individual, or based on some kind of role. Those notions differ among distributed authoring systems, each user may want to participate in several, and there's a serious problem of proliferation of identities. The use of realms and domains in HTTP authentication might not match well into a distributed authoring environment where a single user might take on multiple roles, for example. Or does it? Every system needs some kind of system administrative functions, many of which involve changing access control priviledges. These might not need to be standardized across distributed authoring applications. However, when creating new areas, establishing links, or otherwise establishing new content that has no prior history, it is often essential to be able to provide access policy information about the new object. Unfortunately, there are no good guidelines for standard access control policy languages, although PICS might have a model for some. Is the kind of individual identification that HTTP authentication provides sufficient to allow full entre into each distributed authoring environment's access control system? I think these are some of the security issues that are unique to distributed authoring. The requirements for authentication and secure transmission are well known and have already been addressed in other documents and need not be repeated. Larry
Received on Tuesday, 24 September 1996 23:29:10 UTC