Re: Access Control Draft
I'm a bit worried by the direction this group is taking. It should
really do no more than propose a set of requirements for security
problems. I do not see people who are primarilly security people
posting to this group (I may have missed them).
Please rememebr that security can be a serious rat hole, particularly
if questions such as access control are to be discussed. to discuss
security seriously I would like to see someone such as Jeff Schiller,
Butler Lampson, Ron Rivest or Taher ElGamal involved. I would urge
the group to look to other working groups such as SPKI to solve this
aspect of the problem.
I would not particularly recommend the API approach. I have serious
doubts about GSAPI, particularly since it does not solve the problem
it was intended to (export) and I have never quite been able to wring
a coherent explanation of objectives, purpose or mechanism from
the specs. I get the same feeling that I get when reading the
Windows NT operating system manuals, mechanism without explanation
of stategy or architecture.